On Fri, 23 Nov 2007 23:59:41 +0200 "Joel V." <[EMAIL PROTECTED]> wrote:
> Hello all, > > I'm not experiencing this problem, my friend is. He's simply too > pissed off to write here and I'm afraid he's going to set his office > on fire if he doesn't solve the problem soon, so without further ado, > here's the problem: > > He has two fbsd boxes, main server running 6.1 and dns server running > 4.3. He has 4 public IPs which he can use and the main server is > running on x.x.x.122. He's main box is NOT acting as a gateway/NAT > box in the office. Today he noticed that net is getting awfully slow. > Sometimes there would be 50% pl when pinging, sometimes pinging would > be all OK, but SSH is dead-slow and the webpages running on the main > server are not displaying. E-mails are not going through. He calls > the ISP, who say that his network is showing major uploading > activity. He switches off networking services one by one in the main > box but situation does not improve. He disconnects the main server > and puts a windows xp box instead, which seems to run fine. He puts > back the freebsd box, disables all networking services again except > for SSH and connects the network: instant 100% networking slow-down. > He tried to change the switch, thinking it's faulty. He disconnect > every other computer in the office from the network: nothing. He put > the public IP address on the second, internal network NIC: same > thing. Now it gets really mysterious: he puts the old dns server with > the x.x.x.122 IP and instantly it becomes slow as death. The logical > conclusion would be that someone is flooding that IP? Only the > windows xp box seemed to work fine and the ISP guy said it was upload > bandwidth that was excessive... > > Netstat -a doesn't show anything interesting, arp -a doesn't show any > incomplete addresses He tried to build and install a new fresh kernel. > Nothing. This is the most creepy networking problem I've heard of. > Can YOU help? Any ideas where to start looking? Not enough information (a bit hard to extract from above...) To date I remember experiencing only 2 causes that had symptoms very similar to your buddie's: 0. DDoS attack -- started suddenly one day after I scanned some spammer's gateway with Nessus (or just nmap? can't remember); 1. All my home network is 10/100, but workstation has a Gigabit NIC, Marvell Yukon 88E8056, using their driver myk(4) [thanks, Marvell! but where is the source code? ;)]. Right after I replaced an old 10/100 switch by a gigabit one, the network speed dropped to less than 100 kbytes/s. Turns out the NIC began autonegotiating to 1000baseTX for some reason. Setting media manually to 100baseTX improved things to my satisfaction. > I'm not in the freebsd-hackers list, so if you want the e-mail to > reach me, send a copy to [EMAIL PROTECTED] > > Thank you in advance! > Joel [SorAlx] ridin' VS1400 _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
