Large upload/download at 2 am; but can't figure out which machine
Have some large upload/download bandwidth occurring from 2:10 am until around 2:50 am.
About 3GB down, and 4 Up
If I check the Bandwidth by users, I don't see anything which matches the usage.
For the life of me, I can't figure out what machine (or machines) generated the traffic. (I think a user may have been tricked into running something, as we have just been barraged with directed attack spam email over the last week or so. Pretty scary when you can't tell if the correspondence is legit or not, and the antivirus says it's safe, but you find obfuscated VB scripting embedded in documents.)
It shows in both the report server and dimensions in the external bandwidth reports, but I can't correlate what machine and the external IP address. Been digging through the firewall logs, filtering out anything I can identify as good, but unsure if I can determine bandwidth.
Anyone have any insight or be able to help me figure this out?
Unit is an M270, running Version: 12.5.3.B616762

TIME                 UPLOAD (MB)  UPLOAD RATE (MBPS)  DOWNLOAD (MB)  DOWNLOAD RATE (MBPS)
2020-08-18 02:10:00         0.76                0.01           1.97                  0.03
2020-08-18 02:20:00     3,168.18               42.24       4,097.65                 54.64
2020-08-18 02:50:00         0.27                0              0.91                  0.01

Running a DSL 25Mbit down, 10Mbit up, so am not even sure that DSL modem throughput can handle