Re: Ping of Dead on LAN

From: Roger A. Grimes (rogerg_at_cox.net)
Date: 07/15/03

    To: <nathan.grandbois@cerdant.com>, "'Darren Gragg'" <admin@bsbks.com>, <security-basics@securityfocus.com>
    Date: Tue, 15 Jul 2003 12:49:17 -0400
    
    

    You can turn on and off accepting packet fragmentation in Sonicwall's GUI.
    I believe it's turned off by default.

    I'm a little skeptical that this is an MTU problem, but I'm skeptical that
    I'm intelligent enough to participate in this conversation at all. <grin>

    Darren can test this theory by modifying XP's registry to turn off MTU
    fragmentation.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ID for AdapterTcpip\Parameters\EnablePMTUDiscovery
    Set it to zero vs. the default of 1, reboot and see if turning off large MTU
    sizes fixes the problem.

    Also, Darren can use Sonicwall's packet capturing ability to see if
    fragmentation flags are set on the packets causing the problem.

    Roger
    ********************************************************************************
    *Roger A. Grimes, Computer Security Consultant
    *CPA, MCSE (NT/2000), CNE (3/4), A+
    *email: rogerg@cox.net
    *cell: 757-615-3355
    *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
    *http://www.oreilly.com/catalog/malmobcode
    *Author of upcoming Honeypots for Windows (Apress)
    ********************************************************************************

    ----- Original Message -----
    From: "Nathan" <nathan.grandbois@cerdant.com>
    To: "'Roger A. Grimes'" <rogerg@cox.net>; "'Darren Gragg'"
    <admin@bsbks.com>; <security-basics@securityfocus.com>
    Sent: Tuesday, July 15, 2003 9:13 AM
    Subject: RE: Ping of Dead on LAN

    > I've seen this myself on a Pro300. It is an issue in the sonicwall where
    > they are overprotective. Every time a fragmented packet crosses the
    > sonicwall it logs it as a ping of death and drops it (I assume it drops it).
    > I've talked to our regional sonicwall engineer and they said it is something
    > they know about and are working on. You can set the Path MTU on your Windows
    > machine to be lower, try like 1440, to prevent packet fragmentation. You
    > might also try messing with the MTU on the SonicWall, but I don't think that
    > is where the problem is. You're right about the XP thing, as the customer we
    > manage only has this problem with IPs associated with XP machines. It's
    > something to do with XP fragmenting packets.
    >
    > -Nathan
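
The capture check suggested in this message (looking at the fragmentation flags on the offending packets) can be scripted. The following is an added example, not part of the original thread and not SonicWall's own logic: it reads the IPv4 flags and fragment-offset fields and separates ordinary fragments from ones that would reassemble past 65,535 bytes, which is the condition a ping-of-death signature is meant to catch. The headers are constructed samples using documentation addresses, and `classify_ipv4` and `make_header` are hypothetical names.

```python
import socket
import struct

MAX_DATAGRAM = 65535  # largest size an IPv4 datagram may reassemble to

def classify_ipv4(packet: bytes) -> dict:
    """Read the fragmentation fields of an IPv4 header and classify the packet.

    Only the header is needed, so truncated captures (short snaplen) work too.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4                # header length in bytes
    total_len, _ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    df = bool(flags_frag & 0x4000)              # Don't Fragment
    mf = bool(flags_frag & 0x2000)              # More Fragments
    offset = (flags_frag & 0x1FFF) * 8          # field counts 8-byte units
    end = offset + (total_len - ihl)            # where this fragment's data ends
    if not (mf or offset):
        verdict = "unfragmented"
    elif ihl + end > MAX_DATAGRAM:              # would overflow on reassembly
        verdict = "oversize-reassembly"
    else:
        verdict = "benign-fragment"             # normal result of a small path MTU
    return {"df": df, "mf": mf, "offset": offset, "end": end, "verdict": verdict}

def make_header(total_len: int, flags_frag: int) -> bytes:
    """Build a constructed 20-byte ICMP/IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.20"))

# Constructed samples: (total length, flags + fragment offset field)
SAMPLES = {
    "ping-with-df":    make_header(84, 0x4000),         # DF set, not fragmented
    "first-fragment":  make_header(1500, 0x2000),       # MF set, offset 0
    "second-fragment": make_header(548, 185),           # offset 185 * 8 = 1480
    "oversize-tail":   make_header(1500, 8189),         # offset 65512 + 1480 bytes
}

def classify_samples() -> dict:
    return {name: classify_ipv4(hdr)["verdict"] for name, hdr in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:16} {verdict}")
```

A device that alerts on every packet in the `benign-fragment` class, rather than only on `oversize-reassembly`, produces the kind of false positive described in the quoted message.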
