[lug] XP floods linux network, ideas ?
chuck morrison
cmorrison at greeleynet.com
Mon May 2 16:38:35 MDT 2005
I have an odd situation happening on the company network that I wondered if
anyone else has had to deal with. This is a heterogenus network with mostly
linux servers (including dhcpd) with Windows XP clients. A large number of
the Windows clients are laptops which go home at night, thus changing
networks.
When a laptop returns to the network after being on a different network, a
cute little MS "feature" called apipa kicks in. When the laptop can't
reaffirm it's last (dhcp supplied) IP address, apipa kicks in and assigns the
laptop a 169.254.x.x address and proceeds to flood the network with UDP
(NBNS) packets advertising its new address and trying to re-establish old
connections via Netbios. Any one PC doing this can spew several thousand
messages per second and effectively cripples the network for some period of
time. After doing this for a while (usually 5 minutes) the PC requests a new
dhcp lease and if it succeeds all is well. If for some reason it can't, it
continues like this for up to 10 times (roughly an hour).
The cure from a client standpoint appears to be adding a registry setting,
which we have done to over 100 PCs.
I was wondering if anyone else had run into this and succeeded in reducing or
eliminating the negative effects (bringing down the LAN) by doing something
on the (linux dhcpd) server side ? I'm considering some expensive switches
with IP based filtering. Any suggestions ?
Thanks,
Chuck Morrison
More information about the LUG
mailing list