Intriguing Connectivity Problem
Results 1 to 8 of 8

Thread: Intriguing Connectivity Problem

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914

    Intriguing Connectivity Problem

    Hey everyone!


    I'm going to be sniffing the network later, so I'll throw up some captures if I find some interesting stuff, but for now I thought I'd try for some basic feedback. Here's the issue. We have two residence buildings, in the last week or so we've been getting a lot of calls about connectivity. It's weird though. Their connections are fine. They sit on msn all day but as soon as they load up Internet Explorer, their connection seems to crap out. I've tried to recreate this on our network, but we've got our own subnet and i'm not getting the same issues. I'm currently attempting to recreate the problem on the residence subnects but again I've been unsuccessful. I'm making appointments to go over and test the wiring early next week, but I'd like to get some ideas or some thoughts on this. Has anyone heard of any virus's or vulns affecting IE that could be causing this? I'm hoping the packet captures will reveal something, but I'm really stumped on this one.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    Senior Member
    Join Date
    Nov 2003
    Posts
    247
    Well, is it just IE? You said
    they sit on MSN all day
    but does that mean they are okay using MSN Messanger? Can they connect through IRC?

    Try checking netstat -e to see what's going on there....I'd also recommend doing a port scan to see if they have any suspicious ports open...a lot of virii/worms will do that.

    It COULD have to do with the new IE Patch, which stops certain connections and loadings, but it sounds like they're not able to load anything. If google.com won't come up, I don't imagine that could possibly be it.
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Yeah MSN is fine... I doubt any of them use IRC (I know the school filters IRC ports in the school.. I'm not sure about in the res though).

    We regularly run port scans for standard/non-standard ports, as well as virus scans and spyware scans.... It's driving me nuts.. as soon as they send HTTP requests they seem to die (only on their network though)...
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    They sit on msn all day but as soon as they load up Internet Explorer, their connection seems to crap out
    Is it just IE they are having the problem with, or does it effect other browsers like Mozilla, or Opera? If it just IE, it could be some sort of cookie overload. I have a friend that had so many cookies on her IE that the browser slowed down to a virtual stop when ever she loaded it. Seems she had never cleared her cookies in about 3 years.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Have you had some extreme weather recently? or a sudden thaw?

    I take it you have done the usual AV tests?

    What is the symptom?.............very slow, won't connect?

    Cheers

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    mox: it's people who buy their computers and abuse them. They've never heard of any browser other than IE. I'll look into the cookie issue and see if that's the problem, however like I said on our subnet it works fine, I'm surfing with it.

    nihil: extreme weather? I have been updating and scanning with their AV software, and in cases when they don't have any we install either AVG or eTrust with the updates (I prefer AVG, but since we have the eTrust liscence the other techs tend to use it). I also run spybot scans on all the machines that come in and clean them out. It starts to drop connections. MSN will boot them and they'll get Page Not found Errors and Timeouts.


    I have one in the office right now and I just did a port scan of it. It's got TCP ports 10,110, 135, 389, 445, 1025, 1720 and 5000 open, as well UDP ports 123, 445, 500 and 1900. TCP port 5000 returns HTTP/1.1 400 Bad Request if you attempt to grab the banner. I'm still surfing with IE on this and it's been an hour. I'm really confused. I'm about to plug it into the same switch it's on when it's in it's room to see if that changes the results at all. However I'm getting these reports from all across res. (both floors and buildings)... so it's not centralized.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi,

    I have not lost the plot......well not quite I have seen situations over here where weather damage degraded the capacity of the infrastructure...in particular, I remember a lightning strike protector suffering this way. Took us ages to figure it out

    Are you all using the same server to connect to the net?

    Is there any pattern with traffic volumes?

    Cheers

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Everyone in the college eventually leaves on the same pipe, prior to that however everything is somewhat segregated. However I see lots of cross over on the packet captures, stuff bound for and originating in other subnets is crossing over into my packet captures. As far as actual traffic, the monitoring is done by network services however we've taken over support of residence and the networking. It's a horrible set-up but you all know about politics. What confuses me is the number of open ports on the system..... I'm creating a key that I can bring to other computers in res. to compare results
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •