Re: [Nolug] WinXP problems

From: Brad Bendily <brad_at_selu.edu>
Date: Sun, 12 Dec 2004 09:45:53 -0600 (CST)
Message-ID: <Pine.LNX.4.44.0412120921220.11207-100000@cliffy.selu.edu>

> A). What the &$*%# is going on with XP? What causes it to DoS a LAN?
>
> B). How can a laptop be told to say on its side of the fence (we're talking
> clueless sales dweebs that aren't smart enough to toggle the wireless NIC off
> when they enter the building)?
>
> C). I'm looking for ideas (links, too) about these problems, technical
> descriptions thereof, solutions and work-arounds.
>

We've seen a couple different issues on campus. The first, which XP et al,
are extremely prone to is viruses. Many viri do bad things to networks.
For instance they try to scan your entire network thereby causing every
machine on the network to send arp broadcast. I don't know specific names
of viri, but there are many out there.that do network intensive things.
Get two or three of them and they can easily take down a network.

The other thing we've seen is that "Bridging" of your wireless NIC
to your wired NIC. I don't know if anyone has ever worked with a LOT
of network switches, but if you do(or might in the future) one bad
cause of network problems is to plug the same two wires into to
separate ports on two switches. (Hope that makes sense, it's still too
early in the morning.)
What this does is cause a "bridge loop" it may be called different
things, but this causes the switch to get stuck in a loop, meaning
it keeps sending the same packets over and over and fills the switches
memory and makes it a dumb hub. Then it'll start sending that
data across your network. We've seen some interesting stuff, for
instance. We were sniffing and noticed this one machine was
pounding our network. So we trace it down to the specific
machine, then unplug it. The machine was still sending traffic.
Crazy! We thought, then we traced it down to a switch that was
in a loop.

This is the same thing those XP laptops are doing. They flood and
confuse your network by not conforming to standards and protocols
and just send the data across the network without waiting for
response like a good TCP packet should. And the switch sees the
MAC address come from two different places which really confuses
it so he just quits switching and starts sending everything.

Granted this is a gross oversimplification, but it's the general
concept. We've had many network outages due to things of
this nature. If we were 100% switched or actually had routers
between buildings we could minimize the problem, but it's a
trade off. We have 10% yearly downtime with no router management
overhead. Where on the other hand we could have 1% downtime but
manager 30-40 routers. I think we'll stick with the 10%. For now.

I don't know any specific links to the XP Bridging problem, but
I'm sure when you start looking you can find them. I think you
can turn if off once and it should be ok. Maybe turning off
that "Let XP Manage my settings" thing would be a good idea.

Along those lines XP also has a setting that tells it to go out
and scan for network shares and printers. Then it will add
those printers and shares to your list of printers and shares.
AND the best part of all it does this by default, right out of
the box you get this feature!!! I don't know about yall, but
I LOVE it when my machine goes out and finds a random printer
to install on my workstation! No not really. But there is
an obscurely named check box to turn this off too. Let me know
if you need to know what it is. I'd have to look, don't know
off the top of my head.Thankfully.

BB

___________________
Nolug mailing list
nolug@nolug.org
Received on 12/12/04

This archive was generated by hypermail 2.2.0 : 12/19/08 EST