Multiple router problem

[click61]

Hi.

A friend of mine (Rob) has set up a network at his work and has had a strange problem pop up.

He has two D-Link DI-624+ wireless firewall/routers on his network. These are located in separate buildings about 50 metres apart. Everything runs fine until someone reboots one of the Windows XP computers on the network. Then the network goes crazy and the routers light up as if the network is saturated with traffic. Network performance crawls to a near stop.

The only way to halt this is to re-boot one of the routers and then everything settles down to normal until the next time someone boots up an XP machine. Strangely it doesn't happen when booting Win98 or Win2k machines. Just XP.

The routers are configured with different IP addresses and have the latest firmware installed, and as I said, normally everything runs fine, until an XP machine boots.

So, any ideas out there? We've spent quite a bit of time trying to think this one out we're fresh out of ideas on where to look.

Thanks in advance for any advice.
Click.

 

[office politics]

run a sniffer to find out what the machine is trying to do. I do remember hearing that xp machines have problems on networks that have different windows versions deployed. However, i have one of the only xp machines in my building and it doesn't behave irradically :shugs:

you can use Ethereal for packet sniffing

 

[Inaris]

do your XP machines have any logon scripts or net configs that run when the come online?

 

[gabe]

virus attacks!!! run!!! hehe jk. These guys have very good advice, follow those and please, follow-up in case someone else has the same issues

 

[click61]

Hi,

Thanks for the advice.

We've tried looking for some comon denominator that causes problem and all we've managed to find is that we can have all computer switched off and the act of booting up a single XP machine causes the run-away condition. Re-boot a rounter and the network stabilizes and stays stable. Wierd! Also, if we disconnect one of the reouters and boot up an XP machine, all runs fine.

None of the machines run any logon scripts. They're very plain Wintel boxes running XP and Office type applications.

Anyway, I'll try a packet sniffer and report any results and/or fix.

Thanks again.

 

[killians45]

does it do this RIGHT AWAY? as in, when turned on it does this shortly after, or is it only after loading in the XP environments. Reason I'm asking is because if these systems were pre loaded with XP from a company, and are newer you may want to check and make sure that PXE is disabled in its bios, or network boot whatever it maybe called, unless you have need of it....

 

[click61]

Hi,

A quick follow-up. We ran a packet shiffer on the network and it reported a flood of SSPD packets to IP 239.255.255.250.

These packets are originating form the XP machine that's recently booted.

Here's what happens:

1. Network running nice and stable.
2. Boot any of the XP machines.
3. As XP boots we see more and more traffic on the network (SSDP packets sent by the *booting* machine). This build up over about 20-30 seconds until the network is virtually saturated.
4. Re-boot one of the two routers on the network and the XP machine stops sending the SSDP packets and everything stabilizes.

At least we've got an idea of what's happening. I'm off to Google SSPD and see what I can learn about that.

Any ideas here?

 

[Win2kpatcher]

If possible try hooking up another XP box to the nework..spare..laptop..any xp box. Then see if the symptoms occur. That way you can see of the problem XP box is possibly infected with som type of trojan causing a DoS attack.

 

[killians45]

did you disable ICF/ICS? If NAT Router you shouldnt need that, it handles this... not sure if this pertains as I'm just skimming, but here is a different post:

I might have an idea.

XP home uses workgroups only. I've also seen that xps in workgroups chatters
incessantly to each other... Joining them to a domain quiets them down quite a
bit. THis might be your problem too?

 

[click61]

Hi,

Thanks for the replies.

We've checked all machines for viruses/trojans etc. and found nothing.

We've tried with multiple XP machines on the network and it's always the act of booting any XP box that causes the problem. Re-boot one of the rounters after the XP machine boots, and everything settles down until the next XP machine boots, then all hell breaks loose again.

I'll check tomorrow but I'm pretty sure that ICF and ICS are disabled on all machines.

All machines are currently running on a workgroup. We'll might try setting up a domain next week and see how that goes.

Thanks again.
I'll keep you all posted.