Solved

Odd networking issue

Posted on 2014-12-12
10
100 Views
Last Modified: 2014-12-26
Our main internet connection is Windstream and we have a backup Verizon DSL line.  The Windstream connection uses a Linksys RV220W router.  We manually switch the cable to the DSL Westell router if ever needed.

We were starting to experience random network issues.  Some computers were getting random errors in our Database software and ping tests showed some small packet loss.  When we switch over to DSL, the problems immediately go away.  If we switch back to the Windstream connection, the issues come back, but not right away.  Normally it takes an hour or so but ALWAYS comes back.  We replaced the RV220W router and upgraded the firmware in it.  Our 2 servers are fully patched.   I've done a deep malware scan on both servers.  The only thing that makes sense to me is some kind of flood attach to the Windstream IP address.  Unfortunately the RV220W logs don't tell me much.  Any ideas?
0
Comment
Question by:seanrhudy
  • 3
  • 3
  • 2
  • +2
10 Comments
 
LVL 11

Expert Comment

by:rharland2009
ID: 40497000
What kind of connection is the Windstream pipe? Ethernet handoff, etc.?
Here's a test you could do to at least doublecheck yourself and isolate the issue.
Switch over to DSL for the time being, since that's a stable connection.
Connect a computer or small test network directly to the Windstream pipe, and see if the creeping errors recur, or if it stays clean. You'll likely have to re-address whatever computer you connect to the Windstream pipe unless they hand out DHCP to you, but it'd be a good way to show Windstream 'this connection suffers packet loss/latency/other issues separate of any of our internal infrastructure'.
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 40497038
Presumably the RV is not set in failover mode, correct?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40497440
What logging options have you enabled on the RV220W?
0
 
LVL 16

Expert Comment

by:vivigatt
ID: 40499352
I have had a similar issue with a netgear modem/router.
I disabled IP flood (Syn flood) detection in the firewall settings and now it is much better...
I run a local DNS inside my LAN (behind the NAT) and it seems that DNS queries are detected as "syn-flood" attacks
0
 

Author Comment

by:seanrhudy
ID: 40501742
rharland2009; Yes, it's an ethernet handoff. I switched over to the DSL line and I connected a single laptop with a static IP for testing. So far, everything looks good.

fmarshall: No, it's not in failover mode.

giltjr: I have enabled all logging, but the logging in this device is not the best.  There isn't much in the logs at all.

vivigatt: I disabled Syn Flood detection, but same issues.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 16

Expert Comment

by:vivigatt
ID: 40501752
Have you tried completely disabling the firewall and see if this is any better ?
0
 

Accepted Solution

by:
seanrhudy earned 0 total points
ID: 40512454
So somebody had plugged in a cheap wireless extender.  The extender was handing out IP's, but what made this hard to figure out is that the DHCP Server listed when I did an IPCONFIG /ALL was the correct server, but wrong info.  We unplugged the extender and the problem was solved.
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 40513312
What does this mean:
the correct server, but wrong info.
?
0
 
LVL 16

Expert Comment

by:vivigatt
ID: 40515142
You meant a rogue DHCP server ?
0
 

Author Closing Comment

by:seanrhudy
ID: 40518239
Unplugging the extender fixed the issue.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Let’s list some of the technologies that enable smooth teleworking. 
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now