[lug] XP floods linux network, ideas ?

Ken MacFerrin lists at macferrin.com
Tue May 3 11:33:40 MDT 2005 

chuck morrison wrote:
> I have an odd situation happening on the company network that I wondered if 
> anyone else has had to deal with. This is a heterogenus network with mostly 
> linux servers (including dhcpd) with Windows XP clients. A large number of 
> the Windows clients are laptops which go home at night, thus changing 
> networks.
> 
> When a laptop returns to the network after being on a different network, a 
> cute little MS "feature" called apipa kicks in. When the laptop can't 
> reaffirm it's last (dhcp supplied) IP address, apipa kicks in and assigns the 
> laptop a 169.254.x.x address and proceeds to flood the network with UDP 
> (NBNS) packets advertising its new address and trying to re-establish old 
> connections via Netbios. Any one PC doing this can spew several thousand 
> messages per second and effectively cripples the network for some period of 
> time. After doing this for a while (usually 5 minutes) the PC requests a new 
> dhcp lease and if it succeeds all is well. If for some reason it can't, it 
> continues like this for up to 10 times (roughly an hour).
> 
> The cure from a client standpoint appears to be adding a registry setting, 
> which we have done to over 100 PCs.
> 
> I was wondering if anyone else had run into this and succeeded in reducing or 
> eliminating the negative effects (bringing down the LAN) by doing something 
> on the (linux dhcpd) server side ? I'm considering some expensive switches 
> with IP based filtering. Any suggestions ?
> 
> Thanks,
> 
> Chuck Morrison

Chuck,
If these are Win 2K/XP machines and you have DNS setup for your network
you can disable NetBIOS over TCP/IP on the Windows machines.  I would
think this should stop the NBNS floods.

Otherwise, you can designate one samba server as an WINS (NBNS) server.
 In the primary samba server smb.conf just add:

	wins support = true

In your _other_ Samba servers:
	wins support = false
	wins server = nbns.server.ip

You can then configure your ISC dhcpd to inform the client pc's.  In
dhcpd.conf:

	option netbios-name-servers nbns.server.ip;
	option netbios-node-type 8;

-Ken

More information about the LUG mailing list