You can turn on and off accepting packet fragmentation in Sonicwall's GUI. I believe it's turned off by default.
I'm a little skeptical that this is a MTU problem, but I'm skeptical that I'm intelligent enough to participate in this conversation at all. <grin> Darren can test this theory by modifying XP's registry to turn off MTU fragmentation. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interf aces\ID for AdapterTcpip\Parameters\EnablePMTUDiscovery Set it to zero vs. the default of 1, reboot and see if turning off large MTU sizes fixes the problem. Also, Darren can use Sonicwall's packet capturing ability to see if fragmentation flags are set on the packets causing the problem. Roger **************************************************************************** **** *Roger A. Grimes, Computer Security Consultant *CPA, MCSE (NT/2000), CNE (3/4), A+ *email: [EMAIL PROTECTED] *cell: 757-615-3355 *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly *http://www.oreilly.com/catalog/malmobcode *Author of upcoming Honeypots for Windows (Apress) **************************************************************************** ***** ----- Original Message ----- From: "Nathan" <[EMAIL PROTECTED]> To: "'Roger A. Grimes'" <[EMAIL PROTECTED]>; "'Darren Gragg'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, July 15, 2003 9:13 AM Subject: RE: Ping of Dead on LAN > I've seen this myself on a Pro300. It is an issue in the sonicwall where > they are over protective. Every time a fragmented packet crosses the > sonicwall it logs it as a ping of death and drops it (I assume it drops it). > I've talked to our regional sonicwall engineer and they said it is something > they know about and are working on. You can set the Path MTU on your windows > machine to be lower, try like 1440, to prevent packet fragmentation. You > might also try messing with the MTU on the SonicWall, but I don't think that > is where the problem is. Your right about the XP thing, as the customer we > manage only has this problem with IP's associated with XP machines. It's > something to do with XP fragmenting packets. > > -Nathan --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
