[lug] XP floods linux network, ideas ?
Ken MacFerrin
lists at macferrin.com
Tue May 3 13:19:31 MDT 2005
Ken MacFerrin wrote:
> chuck morrison wrote:
>
>>I have an odd situation happening on the company network that I wondered if
>>anyone else has had to deal with. This is a heterogeneous network with mostly
>>linux servers (including dhcpd) with Windows XP clients. A large number of
>>the Windows clients are laptops which go home at night, thus changing
>>networks.
>>
>>When a laptop returns to the network after being on a different network, a
>>cute little MS "feature" called apipa kicks in. When the laptop can't
>>reaffirm its last (dhcp supplied) IP address, apipa kicks in and assigns the
>>laptop a 169.254.x.x address and proceeds to flood the network with UDP
>>(NBNS) packets advertising its new address and trying to re-establish old
>>connections via Netbios. Any one PC doing this can spew several thousand
>>messages per second and effectively cripples the network for some period of
>>time. After doing this for a while (usually 5 minutes) the PC requests a new
>>dhcp lease and if it succeeds all is well. If for some reason it can't, it
>>continues like this for up to 10 times (roughly an hour).
>>
>>The cure from a client standpoint appears to be adding a registry setting,
>>which we have done to over 100 PCs.
>>
>>I was wondering if anyone else had run into this and succeeded in reducing or
>>eliminating the negative effects (bringing down the LAN) by doing something
>>on the (linux dhcpd) server side ? I'm considering some expensive switches
>>with IP based filtering. Any suggestions ?
>>
>>Thanks,
>>
>>Chuck Morrison
>
>
> Chuck,
> If these are Win 2K/XP machines and you have DNS setup for your network
> you can disable NetBIOS over TCP/IP on the Windows machines. I would
> think this should stop the NBNS floods.
>
> Otherwise, you can designate one samba server as a WINS (NBNS) server.
> In the primary samba server smb.conf just add:
>
> wins support = true
>
> In your _other_ Samba servers:
> wins support = false
> wins server = nbns.server.ip
>
> You can then configure your ISC dhcpd to inform the client PCs. In
> dhcpd.conf:
>
> option netbios-name-servers nbns.server.ip;
> option netbios-node-type 8;
>
> -Ken
PS - The reason for the packet spew is the order in which Windows does
name resolution. IIRC:
1. NetBIOS name cache — queries the local NetBIOS name cache.
2. WINS server — If not resolved in step 1 then it tries using a WINS
server.
[Insert your problem here:]
3. Broadcasts within an IP subnet — If 1 & 2 fail the client tries a
broadcast (a lot of broadcasts) to the other computers in the network.
4. LMHOSTS file — If 3 fails and LMHOSTS lookup is enabled, it looks at
the LMHOSTS file.
5. HOSTS file — If 4 fails the client then looks at the HOSTS file (same
as linux /etc/hosts).
6. DNS server — If 'DNS for Windows Resolution' is enabled the client
queries the DNS server.
-Ken
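
Added example, not part of the original post: one way to confirm from the Linux side which laptops are producing the NBNS broadcast storm described in this thread, by counting UDP/137 packets per second from 169.254.0.0/16 (APIPA) sources. The input lines are constructed in the general shape of `tcpdump -nn -tt` output, and the 100 packets/sec threshold and all function names are assumptions for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # APIPA range
NBNS_PORT = 137
# Matches "<epoch> IP <src>.<sport> > <dst>.<dport>:"; text after the colon is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

def nbns_flooders(lines, threshold_pps=100):
    """Return {src_ip: peak packets/sec} for APIPA hosts whose NBNS
    traffic reaches threshold_pps (assumed value) in any one-second bucket."""
    buckets = defaultdict(Counter)  # src -> {second: packet count}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != NBNS_PORT:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:  # e.g. an octet > 255 in a damaged line
            continue
        if src in LINK_LOCAL:
            buckets[str(src)][int(float(m["ts"]))] += 1
    peaks = {src: max(c.values()) for src, c in buckets.items()}
    return {src: pps for src, pps in peaks.items() if pps >= threshold_pps}

def _sample():
    """Constructed capture: one noisy APIPA laptop, one quiet one, one leased host."""
    out = []
    for i in range(300):  # 300 packets within the same second
        out.append(f"1115147971.{i:06d} IP 169.254.12.34.137 > 169.254.255.255.137: UDP, length 50")
    for i in range(3):
        out.append(f"1115147971.{i:06d} IP 169.254.77.8.137 > 169.254.255.255.137: UDP, length 50")
    for i in range(500):  # busy, but holds a DHCP lease, so not reported
        out.append(f"1115147971.{i:06d} IP 192.168.1.20.137 > 192.168.1.255.137: UDP, length 50")
    out.append("1115147972.000001 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28")
    return out

SAMPLE = _sample()

if __name__ == "__main__":
    for src, pps in sorted(nbns_flooders(SAMPLE).items()):
        print(f"{src}: peak {pps} NBNS packets/sec from an APIPA address")
```

Hosts it reports are the ones still missing the client-side fix or the WINS/DHCP options above.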