Join or sign in Register for your free TechRepublic membership or if you are already a member, sign in using your preferred method below. Use Your Email Use FacebookUse Linkedin

Flooded Network

Locked

Novell Server x 1
Windows NT, 2K, XP x 300 approx
3Com 1100, 3300 & 3300FX, 4400 Switches x 23 approx
Cisco Router x 1

Our network is being flooded with broadcasts – We are unable to locate the source of these broadcasts. We do not have any diagnostic utilities bar ‘Transcend’ which shows us we are having too much stress & collisions. Can anyone help us – this has been going on now for over a week.

Thank you.

Topic

Reply To: Flooded Network

In reply to Flooded Network

http://www.ethereal.com
Get Ethereal, install it, and run it to sniff the network when it is being flooded. Then you can see what machines are broadcasting the packets.

Reply To: Flooded Network

In reply to Flooded Network

Your switches are capable to manage the broadcasts.
Login using WEB&IP and check the available options.

Reply To: Flooded Network

In reply to Flooded Network

Without even using sniffer software, you might want to take a look at your advertising protocols. We use a WINS Server to cut down broadcast between the XP Machines. Also, take a look at setting up and configuring SLP for the NetWare Server. This can be done both for the Server as well as the client.

Reply To: Flooded Network

In reply to Flooded Network

are the windows xp security patches up to date?Is your antivirus software up to date? Look in the c:\windows\system32\wins folder for srvchost and one other file (I’ve forgotten the second filename) this may be an indication that your xp machines have been infected by one of the blaster virus variations. which can be the cause of similar problems.

Reply To: Flooded Network

In reply to Flooded Network

Run a utility to check for worms. They may get through your virus software and for the past month or so they seem to be hitting a lot of routers, and assorted hardware. It doesn’t hurt the equipment but it may cause them to reboot periodicaly and it definitely increases your traffic on the network. Stinger.exe is a Network Associates (mcaffee) scanner that will search a machine only for worms… I think they are up to about 35 or so varients. A packet sniffer is a good tool.. but expensive for a “one-time” solution, which hopefully it is.
Get XPSP2 (service pack 2) when it comes out later this month (possibly) and install it on the XP machines. We’ve been seeing a lot of traffic lately on our XP machines on port 135 which I think is related to the remote features.
You could install BorderManager on the Novell server to act as a firewall and then see the activity for yourself. But that again is a more involved installation.

Reply To: Flooded Network

In reply to Flooded Network

Heh, don’t bother getting ethereal unless you’re going to use it with another program called ettercap. Ettercap is not only a poisoner, but can detect other poisoners and / or probes. Sounds like YOU’RE the one being sniffed. check your tables for new additions for ip and mac combinations. I’m guessing you’ll see a lot of MACs you’ve never seen before. And I would suggest restricting pop3 activity until you get this figured out. Change your admin passwords as well, because I’m sure, whoever itis, already has them….take swift action before all is lost my friend.

Reply To: Flooded Network

In reply to Reply To: Flooded Network

Poster rated this answer.

Reply To: Flooded Network

In reply to Flooded Network

I appreciate all the responsis my question has received, we have tried many and seemed to be on top of it for a period. All was looking good up to last week when we began to get flooded again. Will try suggestions from last three making response 6 a priority. Thanks again…

Reply To: Flooded Network

In reply to Flooded Network

This question was closed by the author

[Author]

Replies