[lug] XP floods linux network, ideas ?

Dean Brissinger Dean.Brissinger at vexcel.com
Tue May 3 18:15:23 MDT 2005

On Tue, 2005-05-03 at 15:02 -0600, chuck morrison wrote:
> On Tuesday 03 May 2005 01:19 pm, Ken MacFerrin wrote:
> ...
> > > Chuck,
> > > If these are Win 2K/XP machines and you have DNS setup for your network
> > > you can disable NetBIOS over TCP/IP on the Windows machines.  I would
> > > think this should stop the NBNS floods.
> I've tried that. Problem there is that it eliminates access to old workgroup 
> shares. Not a problem for me :) , but the windows users would complain, to 
> say the least.

	Windows 98 (release 2) and newer have the APIPA model.  APIPA
spontaneously creates a small network without requiring any
configuration.  It is intended for very small networks.  You can provide
a set of common services to keep APIPA away.  Proper dhcp, ddns, a PDC,
AD, and/or WINS are needed.  In APIPA mode your machines broadcast for a
DHCP server once every 5 minutes.  And broadcast about 10 times to
discover other machines on the network every 15 minutes.  From what you
describe you might have a large network loop or all 100 machines are
broken at once.

	From your posts it sounds like you have at least 100 Windows machines
not using a domain controller or active directory.  Also I read that you
have no broadcast filtering or segmenting.  You can get a high
performance layer 3 switch to control these kinds of problems with VLANs
for about $5K.  With 100 Windows machines you are overdue for a Windows
server.  Samba works great for file sharing but it is not a Windows
server replacement for a large network.

> Part of the issue is that if dhcp fails, the PC uses APIPA (like zeroconf)  
> gives itself a 169.254.x.x address for a while, until it gets a real dhcp 
> address. It's not that dhcp fails, but that when switching networks XP 
> doesn't ask the right questions right away. During that time it's spewing 
> netbios broadcasts from that address. Given that our network is a 192.168.x.x 
> range, there is no way a wins server can reply to the spewed broadcasts (at 
> least directly).
> I'll look into providing an interface into from the wins server.

	Is the lease time on your dhcp server too short?  Try making it
twice as long as it takes a laptop to leave and come back.  Say 2 days
or 1 week for users who regularly come and go.  You will have this
problem with any laptop regardless of the OS.  Linux/Unix however don't
try to spontaneously create a network like the home PC marketed
machines.  They instead just hang up for a while.
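
Added example, not part of the original message: a small Python check that counts NetBIOS name service (UDP/137) packets sourced from the APIPA range 169.254.0.0/16, which is the traffic the thread describes on a 192.168.x.x network. The capture lines are constructed samples in `tcpdump -n` style, and the function names and threshold are assumptions for illustration.

```python
import ipaddress
import re

APIPA = ipaddress.ip_network("169.254.0.0/16")  # link-local range used by APIPA
NBNS_PORT = 137                                  # NetBIOS name service (UDP)

# Constructed sample lines in `tcpdump -n` style (not taken from the thread).
SAMPLE = """\
18:15:01.100000 IP 169.254.12.7.137 > 169.254.255.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
18:15:01.850000 IP 169.254.12.7.137 > 169.254.255.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
18:15:02.000000 IP 192.168.1.20.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
18:15:02.300000 IP 169.254.80.3.137 > 169.254.255.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
18:15:03.000000 IP 192.168.1.20.51234 > 192.168.1.1.53: 4242+ A? example.com. (29)
18:15:03.600000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
this line is not a packet and must be skipped
"""

# "<time> IP <src>.<sport> > <dst>.<dport>:" with dotted-quad addresses
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")


def apipa_nbns_sources(capture_text):
    """Return {source_ip: packet_count} for NBNS packets sent from APIPA addresses."""
    counts = {}
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m or int(m.group(4)) != NBNS_PORT:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:      # e.g. an octet above 255 in a damaged line
            continue
        if src in APIPA:
            counts[str(src)] = counts.get(str(src), 0) + 1
    return counts


def noisy_hosts(capture_text, threshold=2):
    """Sorted list of APIPA sources with at least `threshold` NBNS packets."""
    counts = apipa_nbns_sources(capture_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in sorted(apipa_nbns_sources(SAMPLE).items()):
        print(f"{ip}: {n} NBNS packets from an APIPA address")
```

Hosts that show up here have fallen back to a 169.254.x.x address, so they are the ones to check for DHCP lease or link problems.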
