FW: hey had eric sent you

I’m running short on theories and options, so I thought I would see if any other ISPs have seen this problem on your network(s). If so, what was the cure?


This is UPnP discovery. Take a look here:

I see a lot of unicast UPnP traffic on my networks.
UPnP seems like a train wreck waiting to happen, to me.

It would be interesting to see what happens if one
of your users turns UPnP off on their host.

Just a shot in the dark.

MessageThis in reply to the earlier thread Weird Problems?

Well barring that, I've seen simuliar issues, maybe not the exact same
timings but.
I've noticed a couple of things while working with a roll out of
and a recent upgrade to I.E 6.0 for the user base. Since there were several
users involved some of the issues were simply bad configs/drivers/etc.
However one
of the stats I have noticed is that in certain situations where a system is
connected to
a Cisco 3548, and the client is running in an Auto detect (AD/AN) mode that
are horendiously slow during boot up, and at various times seem to hang
It seemed corrected by setting the client to 100/Full, but not in all cases.
Lots of HTTP
complaints still remain about accessing webpages etc. but never consistant.
This of course is a pretty fresh problem and is still in my queue for
research to start this
Monday. As well, we've found that there was an odd bug with Cisco's 6513s
and their
48 port 10/100/1000 line cards. This was using the latest IOS/CAT software
at the time.
Again not sure if its a documented problem but, several users were unable to
Telnet or
FTP to systems that teminated to the 6513, oddly we were able to icmp echo
and pass
HTTP. After sometime and 2 TACs I found that there was a bug regarding these
and real small packets (I Think less than 64bits??) being passed thru the
6513 and got an
RMA for new Line cards. Again, perhaps nothing to do with your situation.
Since the Nix systems
and non-Doze seem not to have an issue, perhaps you can enlighten me with
Sniffs/Captures of these events directly?
    As soon as I get some more data/Captures on my end from the problems I'm
seeing I can
forward those apon request so as to keep S/N ratio down on Nanog (:


Yep. Giving insecure PC's the power to change firewall settings. Doesn't
sound like the cleverest idea.

I have a firewall, my computer can't be a zombie. Yes, I click on every
attachment I see and install every program any random web site offers me,
but I have a firewall so my computer can't be a zombie :frowning:

But it does demostrate that people really, really want to run their
applications no matter how we try to stop them. Instead of blocking
people from running their applications, can we figure out better ways
for them to run them safely?

That reads more like a person who is customer centric with an acceptable idea…


Bit hard by same bug. What version of code are you running on the 6513
8.1(2) fixes the bug on the 6x48 line cards. What happens is that packets
of 64 bytes or less are silently dropped. Replacing linecards will not
help unless there is another bug of which I am not aware. With a little
digging I can dredge up the relevant DDTS.

                            Scott C. McGrath

Any exploits out there yet?