ICS is a Black Hole Router; ebay, google, and abcnews unreachable by clients


William Lipp

I've been trying to figure out why my ICS Gateway can browse to
www.ebay.com and www.google.com and www.abcnews.go.com but the ICS
client computers cannot. Most internet sites are reachable from all
computers. Google found some messages from the DNS news
group in July 2003 in which Ace Fekay [MVP] directs attention to the
article on How to Troubleshoot BlackHole Routers
http://support.microsoft.com/?id=314825

Following these instructions, the problem is that the unreachable
sites require an MTU of 1460 instead of 1500. The Gateway machine
gets the ICMP Type 3 Code 4 messages ("destination unreachable, don't
fragment (DF) bit sent and fragmentation required"), and presumably
resends with smaller MTUs. BUT THE ICS GATEWAY DOESN'T RELAY THIS
MESSAGE TO THE ICS CLIENTS - the very definition of a Black Hole
Router.

Is there some registry setting that will fix this? If not, is there
some bug reporting process that will get Microsoft to fix this?
 

William Lipp

I'm pretty sure. I've had this problem for months and no trojan
horses detected by McAfee. Today I installed a new computer with
Win2K, and these sites were all unreachable until I changed the MTU to
1460, at which time they all became reachable. But most conclusive
is that the unreachable sites all show "needs to be fragmented" when
pinged from the Gateway. Three examples:

ping www.ebay.com -f -l 1472
ping www.google.com -f -l 1472
ping www.abcnews.go.com -f -l 1472

The same ping messages from the ICS clients time out.

I'm betting that NOBODY can reach www.ebay.com from a Win2K ICS client
machine unless the MTU has been set to 1460 or lower in one of the
machines.
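
The test in the post above (DF-flagged pings that draw "needs to be fragmented" from the gateway but time out from the clients) can be automated. The following is an added example, not code from the thread or from Microsoft: it binary-searches the largest payload that passes with DF set and reports whether oversized probes failed silently. It assumes English-language `ping` output from Windows or Linux iputils; `classify`, `ping_df` and `probe_path_mtu` are names chosen for this sketch.

```python
import platform
import subprocess
import sys

OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header: 1472 + 28 = 1500


def classify(output):
    """Reduce one ping run's text to 'frag_needed', 'reply' or 'timeout'."""
    text = output.lower()
    # Windows: "Packet needs to be fragmented but DF set."
    # Linux:   "Frag needed and DF set" / "Message too long"
    if any(s in text for s in ("needs to be fragmented", "frag needed", "message too long")):
        return "frag_needed"
    return "reply" if "ttl=" in text else "timeout"


def ping_df(host, payload):
    """Send one echo request of `payload` bytes with Don't Fragment set."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    done = subprocess.run(cmd, capture_output=True, text=True)
    return classify(done.stdout + done.stderr)


def probe_path_mtu(probe, low=548, high=1472):
    """Binary-search the largest DF payload that is answered.

    Returns (path_mtu, silent_drop). silent_drop is True when an oversized
    probe timed out instead of drawing ICMP type 3 code 4, the black hole
    symptom. (None, False) means even a 576-byte packet got no reply.
    """
    if probe(low) != "reply":
        return None, False
    failures = set()
    while low < high:
        mid = (low + high + 1) // 2
        result = probe(mid)
        if result == "reply":
            low = mid
        else:
            failures.add(result)
            high = mid - 1
    return low + OVERHEAD, "timeout" in failures


if __name__ == "__main__":
    target = sys.argv[1]  # host to test, supplied by the user
    print(probe_path_mtu(lambda size: ping_df(target, size)))
```

Run from the gateway and from a client against the same host, a result with `silent_drop` false on the gateway and true on the client matches the behaviour described in the post; a single lost packet can also produce a timeout, so repeat the run before drawing conclusions.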
 

William Lipp

One more test today - I was replacing the hard drive in a Win2K
machine and doing a clean install on the new hard drive. Straight off
a clean install, IE could not reach www.ebay.com. Changed the MTU to
1460 following the instruction in "troubleshooting a black hole
router," and it works fine.

What would it take to convince you that this is a workaround for the core
problem that ICS is a black hole router and get you to make an
authoritative bug report that's likely to get acted on? My guess is
that this one bug is 50-85% of the reason ICS has such a bad
reputation that people are always advised to get a router instead of
ICS. It's the only problem we've had in half a year of using ICS in
my house, but we stuck it out only because the wife and kid didn't
know a router would fix it, and it was slightly less inconvenient than
the proxy server we used before going to ICS.

The information is all in the Microsoft article on How to Troubleshoot
BlackHole Routers.
http://support.microsoft.com/?id=314825
 

Julio C. Vergara-Heinrroth

I had the same problem as Jim, but slightly different. Ahh.
BTW. I have NO QHOSTS Trojan on my Computer, I just
checked with the Symantec tool.

Here is my solution to my problem.

My Network:
-----------
- Win 2000 PRO (German) with a DHCP connection to my ISP
through cable modem and a LAN connection to my Intranet.
- Win 2000 PRO (English) had problems as described by Jim.
- Redhat Linux 9.0 (English) had problems as described by Jim.
- Windows XP Home (English) NEVER had any problems
connecting ANYWHERE, very strange!!!
- ALL IP addresses in my Intranet were configured
statically, using "192.168.220.xxx/255.255.255.0".

How do I check the MTU size in a Windows 2000 PRO machine?
----------------------------------------------------------
1. Start -> Run
2. Type "regedit"
3. Navigate in the tree to:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\[ID_for_Adapter]\Connection
4. Verify there the name of your connection and write down
   [ID_for_Adapter]
5. Navigate in the tree to:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\[ID_for_Adapter]
6. Check there the MTU keyword. If the keyword MTU does not
   exist the default value is being used.


How do I change the MTU size in a Windows 2000 PRO machine to 576 (decimal)?
----------------------------------------------------------------------------
1. Follow the above procedure, then
   - If the MTU keyword does not exist:
     - Right-click the right side of the screen
     - click "New"
     - click "DWORD Value"
     - name the value MTU
     - double-click on the newly created key.
     - change the "Value of Data" to 576
     - check "Decimal" on "Base" checkbox.
   - If the MTU keyword exists:
     - double-click on the "MTU" key.
     - change the "Value of Data" to 576
     - check "Decimal" on "Base" checkbox.


How do I check the MTU size in a Redhat Linux 9.0 machine?
----------------------------------------------------------
1. Open the file
   "/etc/sysconfig/networking/devices/ifcfg-[your_adapter]"
2. See entry "MTU=xxxx". If the entry "MTU" does not exist
   the default value is being used.




How do I change the MTU size in a Redhat Linux 9.0 machine to 576?
------------------------------------------------------------------
1. Follow the above procedure.
   - If entry does not exist:
     - create a "MTU=576" entry at the end of the file.
   - If entry does exist:
     - change entry "MTU=xxxx" to "MTU=576".
2. Save file.


My Solution
-----------
1. I checked the Windows 2000 PRO (German) machine's MTU
   size of both adapters, Intranet and ISP. It was 576 (decimal)
   for both, which is the minimum commonly used MTU size. I did
   NOT change anything.
2. I checked the MTU size of the Windows 2000 (English)
   machine, and it did NOT have any MTU size; therefore, I
   assumed it used the default size of 1500. I created a new MTU
   entry in the registry and set it up to 576 (decimal).
3. After that I had NO PROBLEMS with the Windows 2000 PRO
   (English) machine.
4. I checked the MTU size of the Redhat Linux 9.0 (English)
   machine, and it did NOT have any MTU size; therefore, I
   assumed it used the default size of 1500. I created a new MTU
   entry in the config file
   (/etc/sysconfig/networking/devices/ifcfg-eth0) and set it
   up to 576.
5. After that I had NO PROBLEMS with the Redhat Linux 9.0
   (English) machine.
6. The Windows XP Home (English) machine needed no
   configuration, it works without problems, very strange.


References:
-----------
- http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
- http://support.microsoft.com/?id=314825
- http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/
 
