Russianblue

asked on

strange router crashing problem

Scenario:

Local business uses SBS2008 with RRAS set up for incoming VPN connectivity. Single NIC server is NATTED behind a Netgear WNDR3700 flashed with DD-WRT. Internet connection is 35x5.

Remote user connects via Windows 7 PPTP client from a Cox home connection. He is NATTED behind a Linksys WRT54G. Every night he copies a 90MB file to his machine over the VPN via UNC path....something like xcopy \\server.domain.local\share\file.ext or similar. Works beautifully.

Remote user then changes his router....NOTHING ELSE....to a SonicWall TZ 100.

Upon doing so, he can consistently crash the Netgear WNDR3700 within 1 to 2 minutes after initiating the same file copy.

The Netgear has a 600+ MHz CPU with 64MB RAM and GB ports. I'd wager it's more powerful than the SonicWall even though it is not a 'business-class' router. ZERO other problems with the Netgear. Immediately upon rebooting the Netgear, everything continues as normal.

I tried a UNC copy of an ISO image from my house, which is a similar Time Warner/Cox type connection behind a standard home router, and it pegged at 5 megabits and caused ZERO issues.

What am I missing here? What on earth could be causing this? The SonicWall is the only thing that has changed.

ASKER CERTIFIED SOLUTION
digitap

Russianblue

ASKER

BOO-YAH!  

Wow. Switched the SonicWall MTU to 1500 and POW! Full speed in and out, no further problems whatsoever!

I can't believe it.

Guess what. When the guy installed the router last week, he had SonicWall support remote in and help him set it up. He told them he'd be using VPN etc. The SonicWall guy set the MTU to 1404! No lie. Can you believe that?

The thing that bugs me is wondering whether I am vulnerable to some sort of MTU attack. Sorta like a Denial of Service Attack or something. I'll have to do some testing to see if this only happens via VPN. I mean, can anyone take down my router by just changing their MTU and copying a big file? Holy cow.

Well, thanks so much for your help. This is a no-brainer. I'd give you more than 500pts if I could!
SPOT-on assessment!
Cool. Glad I could help. 1404 seems a little low. I know that a few years ago, we ALWAYS changed the MTU with cable Internet connections. Anymore, this just isn't the case. 1500 (which is the default) has been the correct one. We still test, but rarely have to change it.

Regarding MTU attack, I think the key here is that you've opened your firewall for PPTP traffic to your internal VPN server. An external attacker would have to know you've opened your firewall to that traffic. Additionally, your firewall should be aware of when it's being port scanned and defend against anyone trying to figure out that you've poked a hole in the firewall.

Thanks for the points!