okay so i built a diy intrusion detection box for my network, even though i now know the infection came from inside the network. suddenly my network went from 1.0-2.0 MB/s to 4.0-7.5MB/s. we are paying for 7.5MB/s but due to wireless limitations only one wireless box has 1300 mbit dual channel wireless n/ac. that one gets the full speed connection, the rest get what their laptop wifi does. except the ones using ethernet over powerline. someone told me that it was probably line noise because of the number of devices we have, which doesn't make sense to me, but ok. also the diy box has squid transparent proxy enabled, another reason could be multicast, the wifi router is a decent one but consumer grade was putting a real cpu (quad core) that big a difference in ability to multicast and cache data efficiently?
the cpu was the cheapest low watt cpu i could find, but the box still idles at 26 watts (inline power consumption measuring device) which i know is a lot for just an idps box. still it was cheap but is only as well configured as i know how to which isn't much knowledge at all, i tried about 7 different distros before picking one. it is amazing it made that big a difference in network performance though.
the only other reason i can think of for the bandwidth is a botnet is being blocked by the new firewall that the old router didn't fix/block.