I noticed that our company internet was very slow – and it wasn’t long before one of the higher-ups also noticed and asked me about it.
I went to SpeedTest.net and ran a test – the speeds measured were a fraction of what we should have been getting.
So I went to our pfSense firewall and looked at the traffic graphs (in the Status menu). Sure enough, outbound traffic was maxed out. I noticed that one particular host was responsible for virtually all traffic across the firewall.
This means that not only is Internet traffic for all being slowed down, but so is any traffic bound for the remote data center.
I added a rule to block the host temporarily and then reset all of their connections using the States tab (under the Diagnostics menu).
Eventually the user came and we straightened everything out. I asked them what they were doing, and it was a massive download they had started. Handling the user and educating the user is as important as bringing the Internet back to normal.