WSUS and Internet Usage Travis Jacoby 12/2/2008 8:43:06 PM Hey Everyone, I have an issue where all of my WSUS servers are communicating with what appears to be Limelight content servers (cds216.lax.llnw.net, cds771.lax.llnw.net, etc). This communication is happening during the day, outside of my WSUS sync schedule and is using up 100% of my internet bandwidth. Between the 8 WSUS servers I have running they have downloaded around 10 GB of data in the last hour. I am wondering why my all of my WSUS servers are communicating with this CDS provider when I have all of the WSUS servers at my branch locations looking to my Master WSUS server for their updates? Also, why is my Master WSUS server communicating with these CDS servers outside of the sync schedule? Any help or insight is welcomed. Travis

Re: WSUS and Internet Usage "Lawrence Garvin \(MVP\)" <lawrence[ at ]news.postalias> 12/2/2008 10:01:34 PM "Travis Jacoby" <Travis Jacoby[ at ]discussions.microsoft.com> wrote in message news:59A86A2D-CDFA-4AAF-AACF-C4F9ED9CCF78[ at ]microsoft.com... [Quoted Text] > Hey Everyone, > > I have an issue where all of my WSUS servers are communicating with what > appears to be Limelight content servers (cds216.lax.llnw.net, > cds771.lax.llnw.net, etc). And this conclusion is based on.... ??? > This communication is happening during the day, > outside of my WSUS sync schedule and is using up 100% of my internet > bandwidth. Between the 8 WSUS servers I have running they have downloaded > around 10 GB of data in the last hour. No possibility that your WSUS Servers have been *compromised*? *WHAT* have they downloaded? Where is this 10GB of data physically stored on the server? > I am wondering why my all of my WSUS servers are communicating with this > CDS > provider when I have all of the WSUS servers at my branch locations > looking > to my Master WSUS server for their updates? Your *assumptions* are most likely the first flaw in your diagnostic efforts. Based on what *evidence* do you believe that these connections are being initiated by =WSUS=, as opposed to a gazillion other possibilities? > Also, why is my Master WSUS > server communicating with these CDS servers outside of the sync schedule? Probably for the same reason all the others are, and I'll bet it has absolutely nothing to do with WSUS! -- Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP Principal/CTO, Onsite Technology Solutions, Houston, Texas Microsoft MVP - Software Distribution (2005-2009) MS WSUS Website: http://www.microsoft.com/wsus My Websites: http://www.onsitechsolutions.com; http://wsusinfo.onsitechsolutions.com My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

Re: WSUS and Internet Usage "Hank Arnold (MVP)" <rasilon[ at ]aol.com> 12/3/2008 11:55:33 AM Travis Jacoby wrote: [Quoted Text] > Hey Everyone, > > I have an issue where all of my WSUS servers are communicating with what > appears to be Limelight content servers (cds216.lax.llnw.net, > cds771.lax.llnw.net, etc). This communication is happening during the day, > outside of my WSUS sync schedule and is using up 100% of my internet > bandwidth. Between the 8 WSUS servers I have running they have downloaded > around 10 GB of data in the last hour. > > I am wondering why my all of my WSUS servers are communicating with this CDS > provider when I have all of the WSUS servers at my branch locations looking > to my Master WSUS server for their updates? Also, why is my Master WSUS > server communicating with these CDS servers outside of the sync schedule? > > Any help or insight is welcomed. > > > Travis No way it's WSUS. Sounds like someone is using the servers for something inappropriate... Who else can log on and have admin rights? Have you checked for installed programs? I'd look at what is starting up on boot as well as running processes and scheduled tasks.... Sure sounds like your servers have been compromised... -- Regards, Hank Arnold Microsoft MVP Windows Server - Directory Services