Thanks to all who have responded and requested more information. Below is a more embellished picture:

"Internet"-----BIG_ROUTER-----FR-----2500----HUB---AS5300-------D/U Users

We are the ISP, in this case, which is why I can say no content filtering is occurring. We have several of these small POPs in the region, all of them going to BIG_ROUTER at a central location. BIG_ROUTER and its trusty configuration are not suspects at this point because the other POPs connected to it have no problem. In fact, if users dial into the POPs of nearby towns, they do not have this problem.

This problem was brought to my attention about a week before the Slammer attacks occurred. The downloads are via HTTP and FTP; the results are the same. The problems occur with any server on the Internet.

This morning, a user just informed me that he can no longer download .img files. He also told me that he logs attack traffic, and is seeing a lot of scans and attempts against ports 137 (and sometimes 139) on his box.

I don't think our FR provider is the problem since FR stops at Layer 2 and won't/can't distinguish between .zip and .gz files. I am thinking that perhaps there is a workstation or server connected to the hub that may be proxying or intercepting .zip and .exe requests?

Sam's suggestion of sniffing is a good one, and will probably be my next step as it's been a while since this POP LAN had its health checked.

Troubleshooting continues!

Charles

"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> Consider your OSI layers. :-) A hub problem is very unlikely to cause such an issue. A generic router wouldn't either. This definitely seems like a Layer 7 problem.
>
> Someone is filtering on .exe and .zip. They just weren't smart enough to think about the UNIX and Mac equivalents. This could be an Intrusion Detection System or some sort of smart firewall.
>
> How are they downloading these? E-mail attachments maybe? Not letting users download .exe files via e-mail attachments might make a lot of sense as an e-mail server configuration.
>
> Anyway, start looking at Layer 7 and above (politics, policies). Question your Internet provider!
>
> Priscilla
>
> Charles Riley wrote:
> >
> > Sorry, should have mentioned. I get the same result whether the user system is UNIX, Mac, or Windows...it plays havoc with .exe and .zip.
> >
> > That is a good suggestion, though, about the sniffer...that is about the only thing I haven't tried yet. The Kmart bluelight special hub is making me a little suspicious...
> >
> > Thanks,
> >
> > Charles
> >
> > "Sam Sneed" wrote in message news:[EMAIL PROTECTED]...
> > > Load a packet sniffer on the laptop and see what really happens. If you don't have one I know of a good free one. You install libpcap first, reboot and then install analyzer.
> > >
> > > http://winpcap.polito.it/install/default.htm
> > > http://analyzer.polito.it/install/default.htm
> > >
> > > Then you can see if the packets are coming back to you and if Windows is dropping them for some reason.
> > >
> > > "Charles Riley" wrote in message news:[EMAIL PROTECTED]...
> > > > I ran across a strange problem with one of our POPs the other day, and am in the process of researching/troubleshooting it. We have a configuration something like this:
> > > >
> > > > "Internet"-------2500-------AS5300-------D/U Users
> > > >
> > > > Not shown is a LAN connected to the 2nd Ethernet on the 2500. All connections to the shared Ethernet are via a Kmart bluelight special hub. The connection to the Internet is a T-1 FR. Neither the 2500 nor the T-1 is anywhere close to being overloaded.
> > > >
> > > > We are not doing any content filtering, nor have any access lists been applied, nor are any sites blocked.
> > > >
> > > > The connection works great...email, web browsing, etc. all work just fine.
> > > > The only problem is that users can only download UNIX and Mac flavored files, but not anything that smacks of Windows. For example, they can down the .gz/tar and .sft files for an SSH client for example, but can not download its .exe or .zip counterpart for Windows! Take the same .exe and .zip file, and rename it with a UNIX or Mac filename extension, and you can download it.
> > > >
> > > > Surprisingly enough, the problem does not lie with the users. I took a "clean" laptop to the site, and encountered the same results.
> > > >
> > > > Has anyone ever experienced a problem like this? Could this be a bug in the IOS on the 2500? Any suggestions would be welcome.
> > > >
> > > > TIA,
> > > >
> > > > Charles

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62184&t=62184
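
The sniffing step suggested in the thread, worked as an added example that is not part of the original posts: the Python below groups a constructed packet trace by TCP flow and reports, per requested file extension, whether data came back, nothing came back, or the flow was reset by a packet whose IP TTL differs from the server's SYN-ACK. The addresses, the tuple layout and the `classify` function are assumptions made for illustration.

```python
import os
from collections import defaultdict

CLIENT = "10.0.0.50"     # hypothetical dial-up user address
SERVER = "192.0.2.10"    # hypothetical download server (documentation range)

# Constructed trace: (src, sport, dst, dport, tcp_flags, ip_ttl, payload_len, http_request)
PACKETS = [
    (CLIENT, 1025, SERVER, 80, "S", 128, 0, None),
    (SERVER, 80, CLIENT, 1025, "SA", 52, 0, None),
    (CLIENT, 1025, SERVER, 80, "PA", 128, 40, "GET /ssh-client.tar.gz HTTP/1.0"),
    (SERVER, 80, CLIENT, 1025, "PA", 52, 1460, None),
    (CLIENT, 1026, SERVER, 80, "S", 128, 0, None),
    (SERVER, 80, CLIENT, 1026, "SA", 52, 0, None),
    (CLIENT, 1026, SERVER, 80, "PA", 128, 37, "GET /ssh-client.exe HTTP/1.0"),
    (SERVER, 80, CLIENT, 1026, "RA", 254, 0, None),   # TTL unlike the SYN-ACK
    (CLIENT, 1027, SERVER, 80, "S", 128, 0, None),
    (SERVER, 80, CLIENT, 1027, "SA", 52, 0, None),
    (CLIENT, 1027, SERVER, 80, "PA", 128, 37, "GET /ssh-client.zip HTTP/1.0"),
]

def classify(packets, client):
    """Return {file extension: outcome} for every HTTP GET sent by `client`."""
    flows = defaultdict(lambda: {"path": None, "bytes": 0, "synack": None, "rst": None})
    for src, sport, dst, dport, flags, ttl, length, request in packets:
        if src == client:
            flow = flows[(dst, dport, sport)]
            if request and request.startswith("GET "):
                flow["path"] = request.split()[1]
        else:
            flow = flows[(src, sport, dport)]
            if flags == "SA":
                flow["synack"] = ttl
            elif "R" in flags:
                flow["rst"] = ttl
            elif flow["path"]:
                flow["bytes"] += length   # data that arrived after the request
    outcome = {}
    for flow in (f for f in flows.values() if f["path"]):
        ext = os.path.splitext(flow["path"])[1].lower()
        if flow["rst"] is not None:
            # A TTL mismatch is a hint, not proof, that another device sent the reset.
            same = flow["rst"] == flow["synack"]
            outcome[ext] = "reset by server" if same else "reset, TTL differs from server"
        elif flow["bytes"] == 0:
            outcome[ext] = "no response data"
        else:
            outcome[ext] = "ok"
    return outcome
```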

