Consumer networking head scratcher
rdobbins at arbor.net
Thu Mar 2 05:24:38 UTC 2017
On 2 Mar 2017, at 9:55, Oliver O'Boyle wrote:

> Currently, I have 3 devices connected. :)

You could have one or more botted machines launching outbound DDoS
attacks, potentially filling up the NAT translation table and/or getting
squelched by your broadband access provider with layer-4 granularity.
And the boxes themselves could be churning away due to being compromised
(look at CPU and memory stats over time). Aggressive horizontal
scanning is often a hallmark of botted machines, and it can interrupt
normal network access on the botted hosts themselves.

I don't actually think that's the case, given the symptomology you
report, but just wanted to put it out there for the list archive.

What about DNS issues? Are you sure that you really have a networking
issue, or are you having intermittent DNS resolution problems caused by
flaky/overloaded/attacked recursives, EDNS0 problems (i.e., filtering on
DNS responses > 512 bytes), or TCP/53 blockage? Different host
OSes/browsers/apps exhibit differing re-query characteristics. Are the
Windows boxes and the other boxes set to use the same recursors? Can
you resolve DNS requests during the outages?

Are your boxes statically-addressed, or are they using DHCP?
Periodically-duplicate IPs can cause intermittent symptoms, too. If
you're using the consumer router as a DHCP server, DHCP-lease nonsense
could be a contributing factor.

Are the Windows boxes running some common application/service which
updates and/or churns periodically? Are they members of a Windows
workgroup? All kinds of strange name-resolution stuff goes on with

Also, be sure to use -n with traceroute. tcptraceroute is useful, too.
netstat -rn should work on Windows boxes, IIRC.

Roland Dobbins <rdobbins at arbor.net>
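
An added example, not part of the original post: a standard-library Python probe that asks one recursor the same question over plain UDP, UDP with an EDNS0 OPT record, and TCP/53, then maps the three results onto the DNS failure modes raised above. The function names, the 4096-byte advertised payload size and the IPv4-only UDP socket are assumptions of this example.

```python
import socket, struct, sys

def build_query(name, qtype=1, edns_size=None, txid=0x1234):
    """Build a DNS query; if edns_size is set, append an EDNS0 OPT record."""
    hdr = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    msg = hdr + qname + struct.pack("!HH", qtype, 1)
    if edns_size:  # OPT RR: root name, type 41, class = UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def parse_flags(resp):
    """Return (rcode, truncated) from a DNS response header."""
    flags = struct.unpack("!H", resp[2:4])[0]
    return flags & 0x000F, bool(flags & 0x0200)

def probe(server, name, mode, qtype=1, timeout=3.0):
    """mode is 'udp', 'edns' or 'tcp'; returns (answered, size, truncated)."""
    q = build_query(name, qtype, 4096 if mode == "edns" else None)
    try:
        if mode == "tcp":  # DNS over TCP prefixes each message with its length
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(q)) + q)
                f = s.makefile("rb")
                resp = f.read(struct.unpack("!H", f.read(2))[0])
        else:  # IPv4 resolver address assumed
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (server, 53))
                resp = s.recvfrom(65535)[0]
        rcode, tc = parse_flags(resp)
    except (OSError, struct.error):  # timeout, reset, refused, short read
        return (False, 0, False)
    return (rcode == 0, len(resp), tc)

def diagnose(udp, edns, tcp):
    """Map three probe() results onto the failure modes named in the post."""
    if not (udp[0] or edns[0] or tcp[0]):
        return "recursor unreachable or not answering"
    if udp[0] and not edns[0]:
        return "consistent with EDNS0 / large-response filtering"
    if not tcp[0]:
        return "consistent with TCP/53 blockage"
    return "all three transports answered"

if __name__ == "__main__" and len(sys.argv) >= 3:  # args: recursor IP, name
    results = [probe(sys.argv[1], sys.argv[2], m) for m in ("udp", "edns", "tcp")]
    print(results, diagnose(*results))
```

Run it against each configured recursor during an outage and again when things are working. The EDNS0 probe only exercises size-based filtering when the queried name returns more than 512 bytes.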