On Fri, 23 Nov 2007 23:59:41 +0200
"Joel V." wrote:

> Hello all,
>
> I'm not experiencing this problem, my friend is. He's simply too
> pissed off to write here and I'm afraid he's going to set his office
> on fire if he doesn't solve the problem soon, so without further ado,
> here's the problem:
>
> He has two fbsd boxes, main server running 6.1 and dns server running
> 4.3. He has 4 public IPs which he can use and the main server is
> running on x.x.x.122. He's main box is NOT acting as a gateway/NAT
> box in the office. Today he noticed that net is getting awfully slow.
> Sometimes there would be 50% pl when pinging, sometimes pinging would
> be all OK, but SSH is dead-slow and the webpages running on the main
> server are not displaying. E-mails are not going through. He calls
> the ISP, who say that his network is showing major uploading
> activity. He switches off networking services one by one in the main
> box but situation does not improve. He disconnects the main server
> and puts a windows xp box instead, which seems to run fine. He puts
> back the freebsd box, disables all networking services again except
> for SSH and connects the network: instant 100% networking slow-down.
> He tried to change the switch, thinking it's faulty. He disconnect
> every other computer in the office from the network: nothing. He put
> the public IP address on the second, internal network NIC: same
> thing. Now it gets really mysterious: he puts the old dns server with
> the x.x.x.122 IP and instantly it becomes slow as death. The logical
> conclusion would be that someone is flooding that IP? Only the
> windows xp box seemed to work fine and the ISP guy said it was upload
> bandwidth that was excessive...
>
> Netstat -a doesn't show anything interesting, arp -a doesn't show any
> incomplete addresses He tried to build and install a new fresh kernel.
> Nothing. This is the most creepy networking problem I've heard of.
> Can YOU help? Any ideas where to start looking?


Not enough information (a bit hard to extract from above...)

To date I remember experiencing only 2 causes that had symptoms very
similar to your buddie's:

0. DDoS attack -- started suddenly one day after I scanned some
spammer's gateway with Nessus (or just nmap? can't remember);

1. All my home network is 10/100, but workstation has a Gigabit NIC,
Marvell Yukon 88E8056, using their driver myk(4) [thanks, Marvell!
but where is the source code? ]. Right after I replaced an old
10/100 switch by a gigabit one, the network speed dropped to less
than 100 kbytes/s. Turns out the NIC began autonegotiating to
1000baseTX for some reason. Setting media manually to 100baseTX
improved things to my satisfaction.

> I'm not in the freebsd-hackers list, so if you want the e-mail to
> reach me, send a copy to joel@spirit.ee
>
> Thank you in advance!
> Joel


[SorAlx] ridin' VS1400
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/lis...reebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"