[lug] XP floods linux network, ideas ?

Ken MacFerrin lists at macferrin.com
Tue May 3 13:19:31 MDT 2005 

Ken MacFerrin wrote:
> chuck morrison wrote:
> 
>>I have an odd situation happening on the company network that I wondered if 
>>anyone else has had to deal with. This is a heterogenus network with mostly 
>>linux servers (including dhcpd) with Windows XP clients. A large number of 
>>the Windows clients are laptops which go home at night, thus changing 
>>networks.
>>
>>When a laptop returns to the network after being on a different network, a 
>>cute little MS "feature" called apipa kicks in. When the laptop can't 
>>reaffirm it's last (dhcp supplied) IP address, apipa kicks in and assigns the 
>>laptop a 169.254.x.x address and proceeds to flood the network with UDP 
>>(NBNS) packets advertising its new address and trying to re-establish old 
>>connections via Netbios. Any one PC doing this can spew several thousand 
>>messages per second and effectively cripples the network for some period of 
>>time. After doing this for a while (usually 5 minutes) the PC requests a new 
>>dhcp lease and if it succeeds all is well. If for some reason it can't, it 
>>continues like this for up to 10 times (roughly an hour).
>>
>>The cure from a client standpoint appears to be adding a registry setting, 
>>which we have done to over 100 PCs.
>>
>>I was wondering if anyone else had run into this and succeeded in reducing or 
>>eliminating the negative effects (bringing down the LAN) by doing something 
>>on the (linux dhcpd) server side ? I'm considering some expensive switches 
>>with IP based filtering. Any suggestions ?
>>
>>Thanks,
>>
>>Chuck Morrison
> 
> 
> Chuck,
> If these are Win 2K/XP machines and you have DNS setup for your network
> you can disable NetBIOS over TCP/IP on the Windows machines.  I would
> think this should stop the NBNS floods.
> 
> Otherwise, you can designate one samba server as an WINS (NBNS) server.
>  In the primary samba server smb.conf just add:
> 
> 	wins support = true
> 
> In your _other_ Samba servers:
> 	wins support = false
> 	wins server = nbns.server.ip
> 
> You can then configure your ISC dhcpd to inform the client pc's.  In
> dhcpd.conf:
> 
> 	option netbios-name-servers nbns.server.ip;
> 	option netbios-node-type 8;
> 
> -Ken

PS - The reason for the packet spew is the order in which Windows does
name resolution. IIRC:

1. NetBIOS name cache — queries the local NetBIOS name cache.

2. WINS server — If not resolved in step 1 then it tries using a WINS
server.

[Insert your problem here:]
3. Broadcasts within an IP subnet — If 1 & 2 fail the client tries a
broadcast (a lot of broadcasts) to the other computers in the network.

4. LMHOSTS file — If 3 fails and LMHOSTS lookup is enabled, it looks at
the LMHOSTS file.

5. HOSTS file — If 4 fails the client then looks at the HOSTS file (same
as linux /etc/hosts).

6. DNS server — If 'DNS for Windows Resolution' is enabled the client
queries the DNS server.

-Ken

More information about the LUG mailing list