Did you guys come to a conclusion on this? I would like to know as I have the same issue I haven't been able to resolve. It's good knowledge for the future also. Let me know if ya would.
Thanks,
Nathan

>>-----Original Message-----
>>From: Darren Gragg [mailto:[EMAIL PROTECTED]
>>Sent: Tuesday, July 15, 2003 2:39 PM
>>To: 'Roger A. Grimes'; [EMAIL PROTECTED]
>>Subject: RE: Ping of Dead on LAN
>>
>>Roger-
>>
>>The source of the POD is our DC which is always on. Wouldn't this give the
>>option to be an MTU?
>>
>>Darren
>>
>>-----Original Message-----
>>From: Roger A. Grimes [mailto:[EMAIL PROTECTED]
>>Sent: Tuesday, July 15, 2003 12:37 PM
>>To: Darren Gragg
>>
>>Can't be an MTU problem if the fragments are occurring when the machines are
>>not active. That one fact changes everything. Share with the list and see
>>what else people come up with.
>>
>>----- Original Message -----
>>From: "Darren Gragg" <[EMAIL PROTECTED]>
>>To: "'Roger A. Grimes'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>>Sent: Tuesday, July 15, 2003 2:30 PM
>>Subject: RE: Ping of Dead on LAN
>>
>>Roger-
>>
>>I am familiar with what their intention is. I don't know that I should have
>>one on my setup. We are installing point to point t-1 next week so I will
>>be able to get in and see if we are dealing with a problem in the router. I
>>think we might have an MTU problem because the only setting in the SonicWALL
>>is an option to fragment outgoing packets if they are over 1500. These
>>packets shouldn't be outgoing because they are staying on our LAN. This is
>>a very puzzling one.
>>
>>Darren
>>
>>-----Original Message-----
>>From: Roger A. Grimes [mailto:[EMAIL PROTECTED]
>>Sent: Tuesday, July 15, 2003 12:27 PM
>>To: Darren Gragg
>>
>>Put this one back to the list....it's too juicy not to share. Now, I'm
>>thinking a Keepalive problem.
>>
>>Are you familiar with keepalives?
>>
>>Roger
>>
>>----- Original Message -----
>>From: "Darren Gragg" <[EMAIL PROTECTED]>
>>To: "'Roger A. Grimes'" <[EMAIL PROTECTED]>
>>Sent: Tuesday, July 15, 2003 2:22 PM
>>Subject: RE: Ping of Dead on LAN
>>
>>Roger-
>>
>>Yes these POD show up even though the machines are off. They aren't in any
>>sort of pattern that I can find, other than maybe some type of Microsoft
>>group policy refresh type of thing. Maybe it is some fragmented packet that
>>the DC is scanning with?
>>
>>Darren
>>
>>-----Original Message-----
>>From: Roger A. Grimes [mailto:[EMAIL PROTECTED]
>>Sent: Tuesday, July 15, 2003 11:21 AM
>>To: Darren Gragg
>>
>>Interesting. Let me confirm this...the PODs appear to come from machines
>>that are physically turned off?
>>
>>----- Original Message -----
>>From: "Darren Gragg" <[EMAIL PROTECTED]>
>>To: "'Roger A. Grimes'" <[EMAIL PROTECTED]>
>>Sent: Tuesday, July 15, 2003 9:12 AM
>>Subject: RE: Ping of Dead on LAN
>>
>>Roger-
>>
>>The POD happen at random intervals throughout the day even when the machines
>>are off. They always have a source as my DC and to these XP boxes on other
>>subnets at the branches. I have thought what Steve said in that it could be
>>a group policy thing since the machines at those locations have a really
>>hard time loading their roaming profiles when they log into the machine.
>>
>>-----Original Message-----
>>From: Roger A. Grimes [mailto:[EMAIL PROTECTED]
>>Sent: Monday, July 14, 2003 3:47 PM
>>To: Darren Gragg; [EMAIL PROTECTED]
>>
>>I've installed dozens of Sonicwalls, and I can tell you that isn't a normal
>>symptom.
>>
>>We need more details...when do the POD's happen...? As soon as the machine
>>is turned on (before XP is loaded), all the time, randomly....give us more
>>details.
>>
>>If I was you, I'd disable services and use netstat -ano to find out what
>>service or program is generating the false-positive traffic (if it is
>>false-positive traffic).
>>
>>Turn on SW's packet sniffing features and capture a few packets...and take a
>>look.
>>
>>Roger
>>
>>----- Original Message -----
>>From: "Darren Gragg" <[EMAIL PROTECTED]>
>>To: <[EMAIL PROTECTED]>
>>Sent: Monday, July 14, 2003 4:50 PM
>>Subject: Ping of Dead on LAN
>>
>>> I have a problem that SonicWALL can't seem to figure out and I'm running out
>>> of ideas myself. We have a main location where our DC is with our branches
>>> connected via t-1 lines. Also at the main location is a SonicWALL pro 200.
>>> Each time I install a Windows XP Pro machine at our branch locations it
>>> creates more and more Ping of Death Blocked entries in our firewall log.
>>> Does anyone have any ideas? Any help would be great!
>>>
>>> Darren Gragg
>>> CTO
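An added example, not part of the original thread: one way to check, from the IPv4 header of a captured packet, whether a fragment the firewall logged would really reassemble past the 65,535-byte datagram limit (the Ping of Death condition) or is ordinary fragmentation. The addresses, header values and function names are constructed for illustration.

```python
import struct

MAX_IP_DATAGRAM = 65535  # largest legal IPv4 datagram (header + payload), in bytes

def build_ipv4_header(total_len, frag_units, more_fragments, proto=1):
    """Constructed sample input: 20-byte IPv4 header, ICMP by default, checksum 0."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       128, proto, 0, bytes([10, 0, 0, 5]), bytes([10, 0, 1, 20]))

def classify_fragment(header: bytes) -> dict:
    """Decide whether one captured IPv4 header is a normal packet, a normal
    fragment, or a fragment that would reassemble past the 65535-byte limit."""
    if len(header) < 20:
        raise ValueError("need at least a 20-byte IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("not a well-formed IPv4 header")
    more_fragments = bool(flags_frag & 0x2000)
    offset = (flags_frag & 0x1FFF) * 8        # offset field counts 8-byte units
    end = offset + (total_len - ihl)          # payload offset just past this fragment
    reassembled = ihl + end                   # datagram size implied by this fragment
    if reassembled > MAX_IP_DATAGRAM:
        verdict = "oversized"                 # the Ping of Death condition
    elif more_fragments or offset:
        verdict = "fragment"                  # ordinary fragmentation (e.g. MTU)
    else:
        verdict = "unfragmented"
    return {"verdict": verdict, "offset": offset, "reassembled": reassembled}

# Constructed headers, not captured traffic.
SAMPLES = {
    "whole ping": build_ipv4_header(60, 0, False),
    "second fragment at MTU 1500": build_ipv4_header(1500, 185, False),
    "fragment past the limit": build_ipv4_header(1500, 8189, False),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(name, classify_fragment(hdr))
```

The check has to be run on every fragment sharing an IP ID, since only the fragment that crosses the limit shows the oversize.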
