crashing ISA server?



twylie
2006-05-04, 21:19
Recently moved to a new office location and determined that my cube (SlimServer running on Windows XP driving a SB3 off a 5 port switch in my cube) was causing one of our VPN servers running Windows Firewall to peg the CPU after a half hour or so. End result is slowing our T1s down to dial up speed once the CPU on this box gets pegged. Google research shows that under certain circumstances, this is a result of the Windows Firewall seeing what looks like a DoS on the network. Eliminated a worm/virus as a root cause, but still looking for ideas to research.

Does the polling function (or plugins? - running XM Radio & SuperDateTime) on slimserver (looking for new squeezeboxes) generate traffic that could be perceived as some kind of internal network attack?

Any other thoughts or suggestions are appreciated.

twylie
2006-05-05, 05:43
I've done some testing this morning and found the following:

- The ISA server config: Windows 2000, SP4
- Slimserver is not causing the issue, it is directly related to having the SB3 on the network.
- I pulled the box running slimserver off the network, but left the SB3 wired to the network - not connected to Squeezenetwork. After about 15 min, the Windows Firewall pegged out the CPU on our ISA server.

I will run ethereal later today when most of the users are off the system to see if I can further pinpoint what traffic is causing the Firewall to freak out.

Again - any ideas welcome and appreciated.

twylie
(4 - SB3's, 1 - SB2, 1 - SB1G, 1 - SliMP3)

mherger
2006-05-05, 05:59
> Again - any ideas welcome and appreciated.

I'm sorry I can't help here. But I know of at least one user using a
couple of Squeezeboxen behind an ISA server. It must be possible somehow
:-).

What firmware are you using?

--

Michael

-----------------------------------------------------------
Help translate SlimServer by using the
SlimString Translation Helper (http://www.herger.net/slim/)

twylie
2006-05-05, 06:53
[QUOTE=mherger]What firmware are you using?[/QUOTE]

Sorry, should have included that in first post.

Currently running 6.5b1 7264 (5/2/06 nightly) with Firmware 48

Was running 6.5b1 (3/5/06 nightly) with Firmware 40 - pretty confident seeing same behavior on the ISA server. I changed versions a couple of days ago to get internet radio running and didn't realize that it was my player causing the slowdown. Just moved to new office space and let's just say it's a good thing I'm friends with the head IT person :-)

Thanks,

twylie

joncourage
2006-05-05, 11:54
While the SB might be causing a problem, sounds to me like your firewall admin has some work to do. I think the firewall should be smart enough to start ignoring packets from a device it thinks is trying to DoS it, so a continued service interruption sounds like a misconfigured firewall to me. Again, not to say the SB isn't causing a traffic condition seen by the FW as an attack.

twylie
2006-05-09, 07:57
Agreed that a properly configured firewall should not die and instead blacklist any internal device that it thinks is DoSing it.

Another data point - SoftSqueeze runs without a problem - it's only the hardwired player that is causing issues.