General discussion

  • Creator
    Topic
  • #2297918

    Flooded Network

    Locked

    by dnme ·

    Novell Server x 1
    Windows NT, 2K, XP x 300 approx
    3Com 1100, 3300 & 3300FX, 4400 Switches x 23 approx
    Cisco Router x 1

    Our network is being flooded with broadcasts – We are unable to locate the source of these broadcasts. We do not have any diagnostic utilities bar ‘Transcend’ which shows us we are having too much stress & collisions. Can anyone help us – this has been going on now for over a week.

    Thank you.

All Comments

  • Author
    Replies
    • #2673379

      Reply To: Flooded Network

      by joseph moore ·

      In reply to Flooded Network

      http://www.ethereal.com
      Get Ethereal, install it, and run it to sniff the network when it is being flooded. Then you can see what machines are broadcasting the packets.

    • #2671865

      Reply To: Flooded Network

      by gigelul ·

      In reply to Flooded Network

      Your switches are capable to manage the broadcasts.
      Login using WEB&IP and check the available options.

    • #2671629

      Reply To: Flooded Network

      by aconnor ·

      In reply to Flooded Network

      Without even using sniffer software, you might want to take a look at your advertising protocols. We use a WINS Server to cut down broadcast between the XP Machines. Also, take a look at setting up and configuring SLP for the NetWare Server. This can be done both for the Server as well as the client.

    • #2671442

      Reply To: Flooded Network

      by chris910 ·

      In reply to Flooded Network

      are the windows xp security patches up to date?Is your antivirus software up to date? Look in the c:\windows\system32\wins folder for srvchost and one other file (I’ve forgotten the second filename) this may be an indication that your xp machines have been infected by one of the blaster virus variations. which can be the cause of similar problems.

    • #2688462

      Reply To: Flooded Network

      by pipe guy ·

      In reply to Flooded Network

      Run a utility to check for worms. They may get through your virus software and for the past month or so they seem to be hitting a lot of routers, and assorted hardware. It doesn’t hurt the equipment but it may cause them to reboot periodicaly and it definitely increases your traffic on the network. Stinger.exe is a Network Associates (mcaffee) scanner that will search a machine only for worms… I think they are up to about 35 or so varients. A packet sniffer is a good tool.. but expensive for a “one-time” solution, which hopefully it is.
      Get XPSP2 (service pack 2) when it comes out later this month (possibly) and install it on the XP machines. We’ve been seeing a lot of traffic lately on our XP machines on port 135 which I think is related to the remote features.
      You could install BorderManager on the Novell server to act as a firewall and then see the activity for yourself. But that again is a more involved installation.

    • #3369423

      Reply To: Flooded Network

      by dafukka ·

      In reply to Flooded Network

      Heh, don’t bother getting ethereal unless you’re going to use it with another program called ettercap. Ettercap is not only a poisoner, but can detect other poisoners and / or probes. Sounds like YOU’RE the one being sniffed. check your tables for new additions for ip and mac combinations. I’m guessing you’ll see a lot of MACs you’ve never seen before. And I would suggest restricting pop3 activity until you get this figured out. Change your admin passwords as well, because I’m sure, whoever itis, already has them….take swift action before all is lost my friend.

    • #2687956

      Reply To: Flooded Network

      by dnme ·

      In reply to Flooded Network

      I appreciate all the responsis my question has received, we have tried many and seemed to be on top of it for a period. All was looking good up to last week when we began to get flooded again. Will try suggestions from last three making response 6 a priority. Thanks again…

    • #2697109

      Reply To: Flooded Network

      by dnme ·

      In reply to Flooded Network

      This question was closed by the author

Viewing 7 reply threads