I understand that this is rather a generic question but wanted to see if you all could offer some good feedback.
Our business has three locations: one on the West Coast and two on the East Coast. Our two East Coast locations seem to experience random high ingress traffic spikes, causing the ISP to shut down access for high bandwidth. This triggers alerts from Nagios, as the Nagios server is on the West Coast and is unable to connect to the remote locations. I should note that this isn't only based off Nagios alerts; users in the two troublesome locations confirmed the loss of internet access. The ISP has also confirmed the temporary shut off.
That said, the ingress traffic increase is anywhere from 10-20x higher than normal usage. Business is performed as normal during these random times, nothing out of the ordinary going on.
We do not have access to the router, only the ISP does, and the ISP has confirmed that their routers are fully functional.
What could this be? Compromised machines (botnet? But why the high ingress traffic)? Bad switch (could a bad switch cause a 10-20 fold increase in ingress traffic)? I'm open to any and all ideas.