Re: Could this be a sign of break-in
From: Newsbox (newsbox_at_MAPS_ON_customers-of-adelphia.org)
Date: 12/03/03
- Next message: Will: "fwlogwatch"
- Previous message: John Bailo: "Question about the passwd file"
- In reply to: Tim Haynes: "Re: Could this be a sign of break-in"
- Next in thread: Phil Boutros: "Re: Could this be a sign of break-in"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 02 Dec 2003 20:15:24 -0500
On Tue, 02 Dec 2003 04:46:32 -0500, Tim Haynes wrote:
> Newsbox <newsbox@MAPS_ON_customers-of-adelphia.org> writes:
>
>>> (This was Tim:)
>>> The `transmit timed out' normally means you have an inferior network
>>> card and/or driver - in practice, via-rhine and some 3com chipsets
>>> have been known to give that, worse under intense UDP and high
>>> temperatures. IMNSHO you should get an intel etherpro100 in there if
>>> you're relying on it for anything slightly serious.
>> (This was Newsbox:)
>> I'd like to pick your brain for whatever details you can give me on the
>> via-rhine drivers and/or the chipsets they run on, with respect to
>> specific or reproducible flaws. I have looked into this before, and I'm
>> not saying that your advice to the OP is anything less than the best,
>> at least in the short term. And I know that it's not a big expense or a
>> big deal to replace a NIC (if needed). I have several D-Link DFE-530TX+
>> cards running, and would rather not replace them without knowing a
>> reason to do so, or seeing if D-Link will underwrite the repair.
Thank you for taking your time to write such a good answer. I think you
have given some good things to take back to D-Link and my ISP to help
resolve my (relatively minor, but annoying) issues. Much appreciated.
Sorry to be so long responding, but was trying to be as thorough as
possible before replying.
I have called D-Link again, and hopefully someone there will call me back
as promised. So I am not at a dead end, thanks largely to your advice.
> Always stress-test (CPU, file-system / disk access, network throughput,
> use all the RAM), before you run a box live.
Most of my components are thoroughly stressed at one time or another ;) I
test everything as well as I know how beforehand, because I don't like
unpleasant surprises when I am trying to work.
>> I was new to *nix when I bought my first D-Link NIC, and got it after
>> researching and finding recommendations that this was standards
>> compliant and worked with *nix, whereas some others were not and did
>> not.
>
> The drivers exist. I don't claim to be able to establish whether it's
> quality of driver or card hardware, but the net result is DFE530TX is
> banished from my networks.
>
I apologize for my own lack of clarity. We may inadvertently be "talking
apples vs. oranges". I have checked the D-Link pages, and the 530-TX and
the 530-TX+ use different chipsets. -
The DFE-530TX uses Via Rhine and the DFE-530TX+ uses Realtek 8139.
>> I have thoroughly load tested these cards on my LANs and found no
>> errors, problems or dropped packets whatsoever, on my LANs, with D-Link
>> cards talking to D-Link cards. Under light and intermittent loads, my
>> tests show approximately a couple of dozen dropped packets at irregular
>> intervals during any 24 hour day, while connected to the ISP's Cisco
>> router. ... Minor, perhaps.
>
> Hmmm. How'd you test them?
>
I'll send you a brief narrative by e-mail to try to return the courtesy
you have shown me here, by answering your question. I might be erring on
the side of too much caution, but I'm not sure that every detail is most
appropriately posted here for the entire world to read, and to hog the
entire world's bandwidth. My tests were extensive and long running, but
relatively simple, and also relatively conclusive for my purposes.
>>> The `transmit timed out' normally means you have an inferior network
>>> card and/or driver - in practice, via-rhine and some 3com chipsets
>>> have been known to give that,
Again I apologize belatedly. The TX+ uses a different chipset and driver,
and I wasn't sharp enough to pick that up in time. Very sorry for the
(my) misunderstanding. I probably would not have picked up on it without
your kind response. Thanks for the help.
>> I haven't encountered anything of this type. But if you or others can
>> give me references, I will take it to the manufacturer for credits.
>
> It's a bunch of experience here dating from late kernel 2.2.x through
> 2.4.16 or later. If you've somehow managed to avoid problems with the
> cards, cool.
I appreciate you taking the time to share your experience. And yes,it's
cool that I have avoided problems with the cards on my own LANs. What is
not so cool is that the ISP has not been responsive to the remaining
connection issue because of the cards I am using. Again, I apologize; you
did say 530-TX, and I am talking about 530-TX+, using a different chipset
and driver. It's entirely my fault that we may inadvertently be talking
"apples vs. oranges".
>>> worse under intense UDP and high temperatures.
>>
>> Sorry for gaps in fundamental knowledge. But, if you would please: UDP
>> (User Datagram Protocol?)
>
> The very same.
>
>> Is there some particular way to simulate the problem(s) on my (or
>> D-Link's) test LANs by creating "intense UDP"? How would I
>> intentionally create "intense UDP" on a test LAN? What specific
>> conditions might be needed or expected to occur on a public network to
>> create problems for a connected D-Link card? Are you talking about an
>> intentional DDOS attack?
>
[Very detailed and much appreciated instructions snipped and saved to my
drive for further study, discussion with D-Link - if they are really
interested. Thanks again !! ...]
>> pps. That's a neat approach to the return e-mail address ! Very
>> clever.
>
> Pity it seems to be necessary. Blame Swen.
>
Indeed a pity.
> ~Tim
Sincere thanks, Tim. And best wishes.
-- Remove the backwards _NO_SPAM for e-mail ... Trying to cut down on the backwards NEWS virus mail Thanks !!
- Next message: Will: "fwlogwatch"
- Previous message: John Bailo: "Question about the passwd file"
- In reply to: Tim Haynes: "Re: Could this be a sign of break-in"
- Next in thread: Phil Boutros: "Re: Could this be a sign of break-in"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
