Roger- The source of the POD is our DC which is always on. Wouldn't this give the option to be an MTU?
Darren -----Original Message----- From: Roger A. Grimes [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 12:37 PM To: Darren Gragg Can't be an MTU problem if the fragments are occurring when the machines are not active. That one fact changes everything. Share with the list and see what else people come up with. ----- Original Message ----- From: "Darren Gragg" <[EMAIL PROTECTED]> To: "'Roger A. Grimes'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, July 15, 2003 2:30 PM Subject: RE: Ping of Dead on LAN Roger- I am familiar with what their intention is. I don't know that I should have one on my setup. We are installing point to point t-1 next week so I will be able to get in and see if we are dealing with a problem in the router. I think we might have an MTU problem because the only setting in the SonicWALL is an option to fragment outgoing packets if they are over 1500. These packets shouldn't be outgoing because they are staying on our LAN. This is a very puzzling one. Darren -----Original Message----- From: Roger A. Grimes [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 12:27 PM To: Darren Gragg Put this one back to the list....it's too juicy not to share. Now, I'm thinking a Keepalive problem. Are you familar with keepalives? Roger ----- Original Message ----- From: "Darren Gragg" <[EMAIL PROTECTED]> To: "'Roger A. Grimes'" <[EMAIL PROTECTED]> Sent: Tuesday, July 15, 2003 2:22 PM Subject: RE: Ping of Dead on LAN Roger- Yes these POD show up even though the machines are off. They aren't in any sort of pattern that I can find, other than maybe some type of Microsoft group policy refresh type of thing. Maybe it is some fragmented packet that the DC is scanning with? Darren -----Original Message----- From: Roger A. Grimes [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 11:21 AM To: Darren Gragg Interesting. Let me confirm this...the PODs appear to come from machines that are physically turned off? ----- Original Message ----- From: "Darren Gragg" <[EMAIL PROTECTED]> To: "'Roger A. Grimes'" <[EMAIL PROTECTED]> Sent: Tuesday, July 15, 2003 9:12 AM Subject: RE: Ping of Dead on LAN Roger- The POD happen at random intervals throughout the day even when the machines are off. They always have a source as my DC and to these XP boxes on other subnets at the branches. I have thought what Steve said in that it could be a group policy thing since the machines at those locations have a really hard time loading their roaming profiles when they log into the machine. -----Original Message----- From: Roger A. Grimes [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 3:47 PM To: Darren Gragg; [EMAIL PROTECTED] I've installed dozens of Sonicwalls, and I can tell you that isn't a normal symptom. We need more details...when do the POD's happen...? As soon as the machine is turned on (before XP is loaded), all the time, randomly....give us more details. If I was you, I'd disable services and use netstat -ano to find out what service or program is generating the false-positive traffic (if it is false-positive traffic). Turn on SW's packet sniffing features and capture a few packets...and take a look. Roger ----- Original Message ----- From: "Darren Gragg" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 14, 2003 4:50 PM Subject: Ping of Dead on LAN > I have a problem that SonicWALL can't seem to figure out and I'm running out > of ideas myself. We have a main location where our DC is with our branches > connected via t-1 lines. Also at the main location is a SonicWALL pro 200. > Each time I install a Windows XP Pro machine at our branch locations it > creates more and more Ping of Death Blocked entries in our firewall log. > Does anyone have any ideas? Any help would be great! > > Darren Gragg > CTO > > > -------------------------------------------------------------------------- - > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > -------------------------------------------------------------------------- -- > --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
