strange router crashing problem

Posted on 2011-04-21
Last Modified: 2012-05-11

Local business uses SBS2008 with RRAS set up for incoming VPN connectivity.  Single NIC server is NATTED behind a Netgear WNDR3700 flashed with DD-WRT.  Internet connections is 35x5.

Remote user connects via windows 7 PPTP client from a Cox home connection.  He is NATTED behind a Linksys WRT54G.  Every night he copies a 90MB file to his machine over the VPN via UNC path....something like xcopy \\server.domain.local\share\file.ext  or similar.   Works beautifully.

Remote user then changes his router....NOTHING a SonicWall TZ 100.

upon doing so, he can consistently crash the netgear WNDR3700 within 1 to 2 minutes after initiating the same file copy.

the netgear has a 600+ mhz CPU with 64MB ram and GB ports. i'd wager it's more powerful than the Sonicwall even though it is not a 'business-class' router.  ZERO other problems with the netgear.  Immediately upon rebooting the Netgear, everything continues as normal.  

I tried a UNC copy of an ISO image from my house which is a similar Time Warner/Cox type connection behind a standard home router and it pegged at 5 megabits and caused ZERO issues.  

what am i missing here.  what on earth could be causing this?  the sonicwall is the only thing that has changed.

Question by:Russianblue
    LVL 33

    Accepted Solution

    It's possible this has something to do with the MTU size of the Sonicwall's WAN interface. Review the KB article below which discusses duplicate packets. It's possible that the MTU is incorrect causing dropped packets and the sonicwall attempts to retransmit them. This may be causing an issue on your router which is allowing the PPTP traffic through to your internal server.

    I wrote a EE article on identifying the proper MTU on a sonicwall and configuring the new MTU.

    So, here's my disclaimer. If my suggestion above seems like a stretch, don't worry because it feels like a stretch.
    LVL 3

    Author Comment


    wow.  switched the SonicWall MTU to 1500 and POW!  full speed in and out, no further problems whatsoever!

    i can't believe it.

    guess what.  when the guy installed the router last week, he had SonicWall support remote in and help him set it up. He told them he'd be using VPN etc.  The SonicWall guy set the MTU to 1404! no lie.  can you believe that.

    the thing that bugs me is wondering if whether i am vulnerable to some sort of MTU attack.  sorta like a Denial of Service Attack or something. i'll have to do some testing to see if this only happens via vpn.  i mean, can anyone take down my router by just changing their MTU and copying a big file? holy cow.

    well, thanks so much for your help. this is a no-brainer. i'd give you more than 500pts if i could!
    LVL 3

    Author Closing Comment

    SPOT-on assessment!
    LVL 33

    Expert Comment

    Cool. Glad I could help. 1404 seems a little low. I know that a few years ago, we ALWAYS changed the MTU with cable Internet connections. Any more, this just isn't the case. 1500 (which is the default) has been the correct one. We still test, but rarely have to change it.

    Regarding MTU attack, I think the key here is that you've opened your firewall for PPTP traffic to your internal VPN server. An external attacker would have to know you've opened your firewall to that traffic. Additionally, your firewall should be aware of when it's being port scanned and defend against anyone trying to figure out that you've poked a whole in the firewall.

    Thanks for the points!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
    Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now