[lug] XP floods linux network, ideas ?
cmorrison at greeleynet.com
Mon May 2 18:38:23 MDT 2005
On Monday 02 May 2005 05:56 pm, David Anselmi wrote:
> chuck morrison wrote:
> > When a laptop returns to the network after being on a different network,
> > a cute little MS "feature" called apipa kicks in. When the laptop can't
> > reaffirm it's last (dhcp supplied) IP address, apipa kicks in and assigns
> > the laptop a 169.254.x.x address and proceeds to flood the network with
> > UDP (NBNS) packets advertising its new address and trying to re-establish
> > old connections via Netbios.
> Have you sniffed the DHCP conversation to see whether the client gets a
> NAK when it tries to renew a bad address? Perhaps your DHCP server is
I've done a lot of sniffing in the last month. The issue isn't that dhcp
doesn't work, it does, and very well. Depending on how much havoc the PC(s)
in question cause, it always gets a valid dhcp lease eventually.
One way that APIPA works, although not well documented, is that if the PC
(usually a laptop) plugs into a different network than it was last on, and is
not rebooted (just put in sleep mode or moved from one network to another) it
will attempt to renew it's lease from its original dhcp server. When that
fails (and it always will in this case since it can't get to that server...
different network) it grabs a 169.254.x.x address from apipa and doesn't
attempt a new dhcp lease for 5 minutes. During that 5 minutes it's spewing
packets at 255.255.255.255 and clogging bandwidth. If another PC attempts to
connect to the dhcp server and fails during this time (and I've seen it
happen) then things get out of control quickly.
In some ways it's a people training issue. Lots of folks don't like to reboot
or release/renew network connections. It's not an issue for linux clients
except that they're affected by slow network access too. Until we can get all
those apps running on linux...
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
More information about the LUG