Results 1 to 9 of 9
Morning folks, Here's the gist of my problem: every time my Linux box is on, it randomly and repeatedly kills my router. Here's the details: I installed Mandriva 2006 on ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 08-04-2006 #1
- Join Date
- Aug 2006
System kills my router/network
Here's the gist of my problem: every time my Linux box is on, it randomly and repeatedly kills my router.
Here's the details: I installed Mandriva 2006 on an old PIII 733 so I could learn Linux. I got the network working (dynamic DHCP wired connection to my router, and from thence to the internet), and I installed Samba. Since I'm able to use my WinXP box to copy files from my Linux box, I'm assuming Samba is working (a big assumption, I know). I can browse the internet without problems, and software such as Azureus worked once I opened the port on the firewall. I used to have ports open on the router as well, but since this problem started I simply set the DMZ on my router to let my Linux box straight through. It didn't help.
Every time the Linux machine boots up, it kills the router. Additionally, it kills it randomly thereafter. I don't even have to be using it; the router simply freezes and has to be power cycled. Naturally, my WinXP boxes lose the connection as well. I can't give any technical details about my machine since I don't know Linux well enough to know what to give you, but if you ask me for something (aside from root access (: ) I'll be happy to oblige.
Sometimes I can have Azureus running all night without problems, othertimes I can't keep my router up for more than a few minutes. If the Linux box is off I don't have any problems at all, and running bandwidth-intensive software on my WinXP machines causes no problems either. I have no IP conflicts and the router itself (an SMC) is in fine shape.
Is Samba screwing with my network? Do I have an insane amount of spyware on my Linux box that's causing this? (Does spyware even exist for Linux machines?) I'd really appreciate anyone who could help. Just tell me what info you need to make a diagnosis.
I'm going away for the weekend, but I'll check back when I return.
- 08-04-2006 #2
- Join Date
- May 2006
- West Palm Beach, Florida
Spyware for Linux...I do not believe there is such a thing, let alone "Viruses"!
You have both computers on the network, and you say there is no IP conflict, hmmmm thats where I stop and let the experts begin..but rest assure that Spyware and Viruses are NULL to linux boxes
- 08-05-2006 #3
- Join Date
- Nov 2004
Have you reversed the situation - start with the linux box running and then add in the XP boxes? It may just be an issue of weight. It is an ethernet connection and I'm not aware of anything that might harm the router otheer than a hardware error in your network card on the linux box or an excessive amount of traffic. Can you log into your router and get statistics as you go?
- 08-07-2006 #4
- Join Date
- Aug 2006
Thanks for the replies, folks. The odd thing about this situation is that if the Linux box is the only one that's on, it still kills the router. I normally use enough bandwidth that I have to buy new routers every year or so, but in this case I can be running major software on my XP boxes and be okay, whereas if I have my Linux box just sitting there (and with no other machine running) the router dies. The only explanation I could come up with was spyware (and even then it would have to be a LOT of it), but you have been kind enough to assuage those fears.
Edit: bigtomrodney, sure, I can get some stats. I'll get my activity log and receive/transmit stats and put them up tonight.
Does Linux interact differently with routers? One thing I forgot to mention last time is that the Linux box doesn't show up on my router's DHCP client list. Would switching it to a static IP change anything? I suppose it's worth a try, especially if it has a different IP than current. Perhaps I'll try that after work and let you know how it goes.
One question: is there any way that Samba could be causing this? Is it possible to disable Samba and see if that helps, and if so, how?
Thanks again for your help.
- 08-07-2006 #5
Not easy! Spyware is virtually unknown on a Linux box. I don't know anything about Samba, but I did manage to set up my Linux net connection from scratch. It looks to me like something is slightly mis-configured.
I would try connecting using a command line. Ages since I did it, but it's a combination of using the ifconfig command and the dhcpcd command (try typing: man dhcpcd for further details). I would log in as root:
and try ifconfig eth0 up (the opposite command is ifconfig eth0 down). Then try dhcpcd -d ... I also wonder if your maximum transmission unit (MTU) settings are right for your setup. Type ifconfig by itself and see if the settings agree with those in your router.
Just some ideas. Typing ifconfig (as root) by itself should give some useful feedback. I'm not working on a *nix box now, so any inaccuracies are due to this. I think once you figure out what the correct settings are, your connection should remain stable.I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
- 08-08-2006 #6
- Join Date
- Aug 2006
Okay, so I changed my IP address to a static one and the damned thing seems to be working -- for now. I booted up the machine last night while XP was running, and of course the router went down. I shut down the XP boxes, power cycled the router, and changed the Linux box to a static IP (192.168.0.165, the same as when it was dynamic), and left Azureus running overnight. By morning it was still going strong.
Now, this happens occasionally with my current problem, so I'm not certain it's been fixed (besides, it just seems too easy). I turned on my XP box this morning and I'll leave them both running all day to see how that goes.
This is the activity log for my router:
2006/08/08 07:47:52 : 192.168.0.172 login successfully 2006/08/08 07:47:45 : 192.168.0.172 login failed 2006/08/08 07:24:15 : Blocked intrusion "Smurf" from 192.168.0.165 2006/08/08 07:24:15 : **Smurf** <ICMP> Source IP:192.168.0.165 Port:0 Dest IP: 192.168.0.255 Port:0 2006/08/08 07:24:15 : Blocked intrusion "Smurf" from 192.168.0.165 2006/08/08 07:24:15 : **Smurf** <ICMP> Source IP: 192.168.0.165 Port:0 Dest IP:192.168.0.0 Port:0 2006/08/08 06:21:14 : DHCP Client : Receive Ack from 184.108.40.206, Lease time = 86400 2006/08/08 06:21:11 : DHCP Client : Send Request, Request IP = ######## 2006/08/08 00:52:25 : Blocked intrusion "Smurf" from 192.168.0.165 2006/08/08 00:52:25 : **Smurf** <ICMP> Source IP:192.168.0.165 Port:0 Dest IP:192.168.0.0 Port:0 2006/08/07 23:36:07 : Get DNS Server IP = 220.127.116.11 2006/08/07 23:36:07 : Get DNS Server IP = 18.104.22.168 2006/08/07 23:36:07 : Get DNS Server IP = 22.214.171.124 2006/08/07 23:36:07 : Get Gateway IP = ###### 2006/08/07 23:36:07 : Get WAN Subnet Mask = 255.255.255.0 2006/08/07 23:36:07 : Get WAN IP Address = ######## 2006/08/07 23:36:04 : DHCP Client Lease Renewed 2006/08/07 23:36:03 : DHCP Client : Receive Ack from 126.96.36.199, Lease time = 49618 2006/08/07 23:36:03 : DHCP Client : Send Request, Request IP = ######## 2006/08/07 23:36:02 : DHCP Client : Receive Offer from 188.8.131.52 2006/08/07 23:36:01 : DHCP Client : Send Discover 2006/08/07 23:35:59 : DHCP Client : Send Discover 2006/08/07 23:35:55 : WLAN TEST....................PASS 2006/08/07 23:35:55 : WAN ETHER TEST...........PASS 2006/08/07 23:35:55 : FLASH TEST....................PASS 2006/08/07 23:35:55 : DRAM TEST.....................PASS
Here's the result from "ifconfig":
eth0 Link encap:Ethernet HWaddr 00:20:78:B0:11:D7 inet addr:192.168.0.165 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::220:78ff:feb0:11d7/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:935401 errors:0 dropped:0 overruns:0 frame:0 TX packets:893281 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:671629526 (640.5 MiB) TX bytes:697847755 (665.5 MiB) Interrupt:5 Base address:0xb800 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:5791 errors:0 dropped:0 overruns:0 frame:0 TX packets:5791 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:411652 (402.0 KiB) TX bytes:411652 (402.0 KiB)
Thanks again for all your help!
- 08-08-2006 #7
A trojan isn't very likely. It would probably require root access to run, and this is very unlikely to occur on a Linux box. I wrote this some time ago which should still be helpful. There's a programme called Bastille which - when installed - can severely limit an attackers ability to perform a DOS attack on you.
You might want to install and run a virus checker like Clamav, and install and run rootkit hunter. Every now and again it's a good idea to type history -c in your terminal to clear any record of your activities there.
<edit>You should install security updates too. That should keep out any system crackers.I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
- 08-08-2006 #8
Try running tcpdump or ethereal.
It will show all traffic in and out of the computer.
It should reveal whether or not this box is the
source of a DoS attack on your network.
If in doubt. Reinstall linux, a different distribution,
or at least from a different install medium.
It's not very likely, but your install medium could
have the trojan. It's also possible that something is
misconfigured, and the router interprets it as an attack.
- 08-08-2006 #9
- Join Date
- Aug 2006
Thanks for all the suggestions, and especially thanks to fingal for that article. I'm going to try everything, though it will likely take a while.
In the meantime, my problem seems to be gone. It looks like the static IP fixed it. I have no idea why this would happen -- maybe the router didn't like assigning an IP to a Linux machine -- but I won't argue with what works. Thanks to everyone for your suggestions. It's nice to see that the myth about elitist Linux IT support is just that. (: