I think I have tracked down where the data is coming from 72.14.253.95.
After the ASG v7b 6.836 has been up for a number of days it starts to download large quantities of data which I thought was caused by "prefetch", still not 100% "prefetch" doesn't have something to do with it.
This morning with only 1 PC connected and not doing any internet work my download count jumped 200mb in a matter of minutes.
tcpdump -i eth1 showed large quantities of data continually being downloaded from 72.14.253.95. DNS lookup doesn't resolve it back to a url.
I rebooted the ASG and the download stopped and has not re-started after 30 minutes. It seems to take a couple of days before this behaviour starts.
It did stop while the ASG performed a link test with a group of about 5 pings which explains why the downloads slow or seems to go to sleep for short periods.
Ian M
Guest User!
You are not Sophos Staff.
