strange router crashing problem


Local business uses SBS2008 with RRAS set up for incoming VPN connectivity. Single NIC server is NATTED behind a Netgear WNDR3700 flashed with DD-WRT. Internet connection is 35x5.

Remote user connects via Windows 7 PPTP client from a Cox home connection. He is NATTED behind a Linksys WRT54G. Every night he copies a 90MB file to his machine over the VPN via UNC path... something like xcopy \\server.domain.local\share\file.ext or similar. Works beautifully.

Remote user then changes his router....NOTHING a SonicWall TZ 100.

Upon doing so, he can consistently crash the Netgear WNDR3700 within 1 to 2 minutes after initiating the same file copy.

The Netgear has a 600+ MHz CPU with 64MB RAM and GB ports. I'd wager it's more powerful than the SonicWall even though it is not a 'business-class' router. ZERO other problems with the Netgear. Immediately upon rebooting the Netgear, everything continues as normal.

I tried a UNC copy of an ISO image from my house, which is a similar Time Warner/Cox type connection behind a standard home router, and it pegged at 5 megabits and caused ZERO issues.

What am I missing here? What on earth could be causing this? The SonicWall is the only thing that has changed.

It's possible this has something to do with the MTU size of the SonicWall's WAN interface. Review the KB article below which discusses duplicate packets. It's possible that the MTU is incorrect, causing dropped packets, and the SonicWall attempts to retransmit them. This may be causing an issue on your router, which is allowing the PPTP traffic through to your internal server.

I wrote an EE article on identifying the proper MTU on a SonicWall and configuring the new MTU.

So, here's my disclaimer. If my suggestion above seems like a stretch, don't worry because it feels like a stretch.
Russianblue (Author) commented:

Wow. Switched the SonicWall MTU to 1500 and POW! Full speed in and out, no further problems whatsoever!

I can't believe it.

Guess what. When the guy installed the router last week, he had SonicWall support remote in and help him set it up. He told them he'd be using VPN etc. The SonicWall guy set the MTU to 1404! No lie. Can you believe that?

The thing that bugs me is wondering whether I am vulnerable to some sort of MTU attack. Sorta like a Denial of Service attack or something. I'll have to do some testing to see if this only happens via VPN. I mean, can anyone take down my router by just changing their MTU and copying a big file? Holy cow.

Well, thanks so much for your help. This is a no-brainer. I'd give you more than 500pts if I could!
Russianblue (Author) commented:
SPOT-on assessment!
Cool. Glad I could help. 1404 seems a little low. I know that a few years ago, we ALWAYS changed the MTU with cable Internet connections. Anymore, this just isn't the case. 1500 (which is the default) has been the correct one. We still test, but rarely have to change it.

Regarding MTU attack, I think the key here is that you've opened your firewall for PPTP traffic to your internal VPN server. An external attacker would have to know you've opened your firewall to that traffic. Additionally, your firewall should be aware of when it's being port scanned and defend against anyone trying to figure out that you've poked a hole in the firewall.

Thanks for the points!
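
The MTU testing mentioned in the replies above is usually done by probing with the Don't Fragment bit set. The sketch below is an added example, not part of the thread or of the article it mentions: it binary-searches the largest ICMP payload that passes unfragmented and adds the 28 bytes of IPv4 and ICMP headers. `ping_probe` assumes the Linux iputils `ping` flags, the host name is hypothetical, and `simulated_path` is a constructed stand-in so the block runs offline.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_probe(host, tries=2):
    """Probe using Linux iputils ping (assumed platform): -M do sets DF."""
    def probe(payload):
        cmd = ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host]
        # Retry so one lost packet is not mistaken for an MTU limit.
        return any(
            subprocess.run(cmd, stdout=subprocess.DEVNULL,
                           stderr=subprocess.DEVNULL).returncode == 0
            for _ in range(tries))
    return probe


def simulated_path(path_mtu):
    """Constructed stand-in for a real path: passes packets up to path_mtu."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= path_mtu


def find_path_mtu(probe, low=548, high=1472):
    """Return the largest MTU (bytes) that passes unfragmented, or None.

    low/high are ICMP payload sizes: 548 -> 576-byte packet, 1472 -> 1500.
    """
    if not probe(low):
        return None  # nothing passes: ICMP filtered, host down, or tiny MTU
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop always shrinks
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low + IP_ICMP_OVERHEAD


if __name__ == "__main__":
    # Constructed paths: plain Ethernet, PPPoE, and the 1404 value from the thread.
    for mtu in (1500, 1492, 1404):
        print(mtu, "->", find_path_mtu(simulated_path(mtu)))
    # Real use (hypothetical host name): find_path_mtu(ping_probe("vpn.example.com"))
```

The result describes the path to that one host only, and a firewall that drops ICMP makes every probe fail, so the function returns None instead of a misleading number.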
Question has a verified solution.
