How much traffic can one machine generate?
Yes, one computer with malware, a torrent client, can easily saturate a 5MB link. Heck, it should be easy enough to saturate a 5MB link with just normal network traffic.
You should check some of the questions on the site related to traffic monitoring, and shaping. There is lots of good advice about methods you can discover what is causing the link to be saturated and how to fix it.
- Traffic Management recommendations
- QoS tag
- Network Traffic Monitoring
- Monitor Internet bandwidth
5 mbps is slow compared to what a computer can transfert. So Yes, a computer can use 100% of the internet link. There is 2 major protocols over Internet : TCP and UDP. If other users use TCP based application (like http/smtp/..) this can slow down your connection but you should not get timeout problems. If they use UDP (like if they are streaming a video or doing VoIP) they can saturate the link and you will get lots problem as you have. Just to be sure, when you have your problem with outlook, are you on a wireless network or on a wired one ?
No one has mentioned this yet but one computer spewing broadcast packets as fast as it can on a network can cause a lot of problems on a local network. This problem becomes more of an issue on larger networks.
One funny story with Malware. At one of my previous jobs we had compute cluster of 25 dual Xeon machines back when the MS Blaster virus came out. They were running software that would break with the MS patch that they rushed out. So to protect the cluster of computers we made sure that every computer on our network was fully patched as a level of protection. This worked great until someone brought in an infected laptop and connected to our network. We instantly had 25 dual Xeon's with gigE links flooding our network with traffic. This resulted in 100% packet loss on our local network. Forget about getting to the internet. So yes this is a real threat.
In this case the laptop was one of our sales staff but this could have easily been a guest wireless connection laptop so be careful how you set that stuff up.
Where I work now our guest wireless is not open but has a simple password, is on its own network segment that has no access to our internal networks, and traffic from that network segment is marked as low priority and limited to about 30% of our bandwidth going out to the internet.
- P2P Software can hog bandwidth and a 5Mbps link is quite narrow for torrent communications. A single torrent client communicating with about 25 peers each at 256Kbps will finish your uplink
- A single malware infected machine has the potential of disrupting your enterprise network and also spreading inside the enterprise faster than an infection from the internet
- A malware infected machine can also disrupt your network devices (switches/routers) and servers
- An unsecure wireless AP is probably the worst thing you can do with your network. Besides disrupting and snooping enterprise traffic, you may land up being answerable to things done by people who were never ever on your premises.
- Have you considered the possibility of on-line gaming or streaming software being used in your enterprise? That will take up the 5Mbps too
So, what can you do?
- Consider monitoring traffic by protocol on your uplink. If you have a router or proxy there it will help
- Talk with your ISP to give you a report that classifies the traffic utilization. That will help you figure out exactly what is hogging your bandwidth
- Confirm that your Windows machines are patched correctly and your AV/AS systems are also updated regularly with signature updates
- Explicitly firewall all inbound communications that are not part of your organization policies (if you are not supposed to run a Mail server on any machine except the mail server, block incoming port 25 for all other machines, etc).
Zoredache has already give some very good references. +1