RE: The cat came and stayed..
- From: "Erin Carroll" <amoeba@xxxxxxxxxxxxxx>
- Date: Wed, 28 Mar 2007 16:35:26 -0700
I kept hoping that this subject would work its way around to a
pen-test-related issue but this seems to have devolved into a routing debug
issue. Further posts on this subject, unless pen-test related, will be
rejected.
--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Buz Dale
Sent: Wednesday, March 28, 2007 3:53 PM
To: WALI
Cc: pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: The cat came and stayed..
I'm going to ask some questions to clarify my spotty
networking knowledge. Essentially, you have routers
connecting buildings "A" and "B" and when you turn off the
routing and make them layer two devices (Bridging mode)
things work as expected. To me this implicates a layer three problem.
Perhaps an IP conflict with the router, a machine
masquerading as the gateway (perhaps responding to arps for
the gateway ip) or a bad route. I would start looking at
layer three misconfigurations. Maybe a dhcp server is giving
a bad gateway or somesuch. What happens when you traceroute
between the networks? Do you have extra hops? Are there
specific places with time lags?
Thanks,
Buz
On 3/28/07, WALI <hkhasgiwale@xxxxxxxxx> wrote:
By the time you have finished reading this, I am sure you would have
come across the most fascinating networking issue haunted by our
friendly ghost Casper.

With reference to my earlier thread, (Re: When cat comes chasing...),
this time the cat came and stayed. Having exploited most of my
resources, I finally decided to involve our ISP hoping that this
would be the end of it...but it wasn't supposed to be that way.

So, to cut a long story short, ISP had provided us with EoATM 100 mbps
link between two locations, say A and B.

But, since the line was given, we felt that we were not only having
intermittent problems that required switch reset but also felt that we
were not getting the right speed and the data transfer rates (FTP copy
and other stuff) was really not befitting a 100Mbps link.

In order to make sure, this time the ISP guy brought some equipment to
our premises and confirmed that speed at Layer 2 is indeed 100.

There are two cisco routers across Sites A and B and two media
changers at each end converting Fiber to UTP. Media converters are also
set at 100Mbps.

Now a strange thing is that when we configure the two routers (Site A
and B) in 'bridging' mode and start data transfer across, the speed
becomes incrementally fast (which should be taken as normal at all
times). There is also another 100Mbps link provided by the same ISP to
us between Buildings A and C, which works just fine, as it should be.

The moment we enable our routers at Site A and B in Routing mode, We
get to suffer delays and all data transfers slow down, without
bringing any core/edge switches into the picture.

Various things have been done to reach some conclusion:
1. Ip Router configurations has been reset and put to bare minimum
needed with ipcef enabled, all QoS commands disabled.
2. Configurations has been checked with all combinations of Speed
Auto/100 FullDuplex/Auto with best results coming out of FD/100 but
still far below satisfactory.
3. Equipment which serves between Site A and C has been temporarily
put between Site A and B, with same non-satisfactory results.
4. Earthing issues/Electrical disruption in the Room where routers are
located has been looked into. Routers on both sides have been changed
to rule out hardware issues. We also did a test on the line by
bringing our routers into another room ruling out some electrical
disturbance of any sort.

Seems like, at Layer 2, despite being showing us full 100mbps, Layer 3
and above transfers are unable to provide the required service.

Opening applications across the two buildings is very slow as most of
our servers reside at Site A with user base at Site B.

Currently this ISP engineer has provided us with a patched pure fibre
link between Sites A and B without any intervening ISP equipment in
between and we have connected our two core switches in both buildings
directly to the UTP interface of Media converter but that's not the
permanent solution. ISP Engineer is also trying hard to find this
ghost problem. He says that he has found no problems on his side and
the only thing that comes in the middle is a MPLS enabled router. But
even he is a bit baffled.

What else can we look at?

Thanks for taking time to read this whole ghost story. If you have
read this all, I am sure you won't stop thinking ;)

At 12:57 AM 3/24/2007 +0100, Antonin Kral wrote:
Hi Wali,

* WALI <hkhasgiwale@xxxxxxxxx> [2007-03-24 00:50] wrote:
Crazy Solution: I take out any patch cable and re-inserts it, the
problem gets resolved. I reset any switch, the problem gets
resolved. I disconnect any uplink cable between the four switches
or do a ARP reset thru command line, the problem gets
resolved for couple of hours or even days.

This sounds like problems with spanning tree in the network. Do you
run STP? Take a look at the topology changes reported by stp. Or one
more thing - this could happen because of over-fulling CAM
(switching) tables of particular switch. Check if you are not running
out of memory somewhere.

Cheers,
Antonin
---------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
---------------------------------------------------------------------
--
Buz Dale buz.dale@xxxxxxx
IT Security Specialist 1-888-875-3697 (In GA)
1-706-583-2005
Office of Information and Instructional Technology University
System of Georgia GMT -5:00