[enzit]

I recently connected a 3rd pc to my network and i noticed that my internet connection slowed to a crawl. after some through searching i discovered that it was the 3 computer so i scanned/rescanned the computer and found no virii/spyware but the packed sending is extream over 100k in less than 30 min. i turned up the firewalls to extream amounts shutdown all ports but it is not slowing. im completly stumped and any help would be very much apreichiated

[StumpedTechy]

Have you checked your system event logs? Checked it on Safe mode with network support? Tried reloading the network drivers in case somethings gone wonky with them? Maybe (but doubtful if your seeing the sends going up on the PC side) try moving the 3rd computer to another port on the router/switch in case something is wrong there. I have had machines that scan clean that still have junk in startup that might be causing something hokey to happen.

[zx10guy]

Have you examined the network traffic with a packet sniffer?

What you're describing is something I've seen on two occassions at my job. The issue I was running in to was something was causing my corporate PIX firewall to run out of memory. After some tracking and examination of log files, I was able to isolate the issue to a single computer on the corporate network. The problem was this computer was doing a massive packet flood to the network which was in the form of a bunch of UDP packets. Because UDP packets are not connection oriented and because the firewall is stateful, the PIX had to keep a record of each UDP connection going from the inside out to the internet. Each state record consumes memory and processor cycles. Because UDP of not connection oriented like TCP is and the fact that the firewall is stateful, the firewall has to keep each UDP connection/session for a pre-determined time to allow the return traffic to make it back into the internal network. If the default expiration time for UDP traffic is too long in relation to the amount of UDP traffic generated, you have a situation where tear downs of UDP sessions are not quick enough to release memory and processor resources before new UDP sessions hit the firewall.

An option to fix this problem is to shorten the UDP teardown time but for consumer and SMB grade router/firewalls, this really isn't an option which is available. So you have to figure out why this particular PC is generating this type of traffic.

From the analyzation of the logs, the situation at my corporate network raised some serious concerns with me as the destination IPs were all IPs which are based in foreign countries particularly former Eastern block countries. If you can't figure out why this PC is doing this, you really have no choice but to wipe the OS and re-install. This is the reason why I feel people have a false sense of total reliance on anti-spyware/virus scanners. If a piece of malware/virus code has never been seen in the wild, your anti-spyware/virus scanners are going to miss this and you think you're ok which in actuality you're not.

[enzit]

thank you both for your quick responses. through the logs and some trial and error i have figured that it was a combination of spyware and java yes i disabled the java program and the packet sending stopped and my network traffic went down to a normal level im still keeping my eye on the computer because i have a feeling that there is some spyware/virii on it and i have 3 different programs from multiple comps running scan for the night. again thank you for all the help