Simple home network problem

[Guest]

I have a simple 2 computer home network set up for the purpose of sharing
printers, files and most importantly, ICS. Both machines are recent
manufactured systems from major companies; and both machines have Windows XP.
My network is established via a crossover cable; no routers, etc.. My ICS
is dial-up. And finally, I have a firewall (Zone Alarm Suite) installed on
both machines.

Here's my problem. 'My' machine is the client machine; with the wife's
being the gateway. If she is active in browsing, etc., everything seems to
go OK. But, when her machine is idle, as no browsing activity, etc ... just
sitting there connected to the web giving me, the client, also access ... it
seems my machine gradually slows down in it's speed ... and eventually stops
loading pages, urls, etc.......even though still being connected.

Tonite while this happened, and it has been ongoing on now for some time ...
just never 'analyzed' it in this manner ... when my machine quit loading, I
had the wife refresh her idle page and also do a small bit of surfing. Right
away, my machine began to again load pages at my request.

Then later on, after the wife was again idle in her surfing, my machine
again would not load.

I've got the ZA settings to the middle settings ... as not in high security
settings; but short of disabling it all together, can't seem to see any
change. Also have the Microsoft AntiSpyWare active along with ZA. Windows
firewall has been disengaged; and machines are configured within ZA as
gateway and client settings regarding IP addresses.

Does anyone have any idea what is causing my machine, client, to stop
loading even though still connected via the gateway machine?

Thanks.

 

[Malke]

I have a simple 2 computer home network set up for the purpose of
sharing
printers, files and most importantly, ICS. Both machines are recent
manufactured systems from major companies; and both machines have
Windows XP.
My network is established via a crossover cable; no routers, etc..
My ICS
is dial-up. And finally, I have a firewall (Zone Alarm Suite)
installed on both machines.

Here's my problem. 'My' machine is the client machine; with the
wife's
being the gateway. If she is active in browsing, etc., everything
seems to
go OK. But, when her machine is idle, as no browsing activity, etc
... just sitting there connected to the web giving me, the client,
also access ... it seems my machine gradually slows down in it's speed
... and eventually stops loading pages, urls, etc.......even though
still being connected.

Tonite while this happened, and it has been ongoing on now for some
time ... just never 'analyzed' it in this manner ... when my machine
quit loading, I
had the wife refresh her idle page and also do a small bit of surfing.
Right away, my machine began to again load pages at my request.

Then later on, after the wife was again idle in her surfing, my
machine again would not load.

I've got the ZA settings to the middle settings ... as not in high
security settings; but short of disabling it all together, can't seem
to see any
change. Also have the Microsoft AntiSpyWare active along with ZA.
Windows firewall has been disengaged; and machines are configured
within ZA as gateway and client settings regarding IP addresses.

Does anyone have any idea what is causing my machine, client, to stop
loading even though still connected via the gateway machine?

Thanks.

On your wife's machine, look at the network adapter's Properties from
Device Manager. Click on the Power Management tab and uncheck "allow
Windows to turn off this device while not in use" and see if that
helps.

Malke

 

[Al Romanosky]

May or may not be the answer to your problem, however a firewall should only
be active on the computer providing internet access - It is a no-no to have
a firewall active on the computer sharing the connection.

 

[Chuck]

May or may not be the answer to your problem, however a firewall should only
be active on the computer providing internet access - It is a no-no to have
a firewall active on the computer sharing the connection.

Al,

In the days when a firewall was simply needed for perimeter protection, that
would have been a correct concept. Now, you need a firewall on each computer on
the LAN.

In case any one computer becomes infected thru an application level exploit,
such as an email virus that contains a worm, having each computer protected by a
personal firewall means having only one infected computer, as opposed to many
infected computers.
<http://nitecruzr.blogspot.com/2005/05/please-protect-yourself-layer-your.html>

--
Cheers,
Chuck
http://nitecruzr.blogspot.com/
Paranoia is not necessarily a bad thing - it's a normal response from experience.
My email is AT DOT
actual address pchuck sonic net.

 

[Al Romanosky]

Sorry - it is a no-no e.g.firewall. Following are quotes from Microsoft
literature:

"ICF should be configured ONLY on the computers on the network that connect
directly to the internet. If ICF is enabled on other computers on the
network problems with file and print sharing can ensue" and

"Microsoft's ICS blocks incoming access to other computers on the LAN.... If
you use ICS you must enable ICF on the same connection (computer being
shared Together they provide adequate protection...."

 

[Lori Ann Kuiper]

I thought that if you ran the network setup wizard, you were suppose to have
the firewall enabled on all PC's and the wizard would automatically open the
proper ports???

 

[Chuck]

Sorry - it is a no-no e.g.firewall. Following are quotes from Microsoft
literature:

"ICF should be configured ONLY on the computers on the network that connect
directly to the internet. If ICF is enabled on other computers on the
network problems with file and print sharing can ensue" and

"Microsoft's ICS blocks incoming access to other computers on the LAN.... If
you use ICS you must enable ICF on the same connection (computer being
shared Together they provide adequate protection...."

Good point. Unfortunately, if you're still protected by ICF, then you have
worse problems than be cured by any help here.

--
Cheers,
Chuck
http://nitecruzr.blogspot.com/
Paranoia is not necessarily a bad thing - it's a normal response from experience.
My email is AT DOT
actual address pchuck sonic net.

 

[Chuck]

I thought that if you ran the network setup wizard, you were suppose to have
the firewall enabled on all PC's and the wizard would automatically open the
proper ports???

Lori,

If you have XP SP2 (which you should) then Windows Firewall will be enabled,
with File and Printer Sharing exception enabled.

If you have XP SP0 or SP1, with Internet Connection Firewall, then you'd have to
setup an ICF exception manually, by opening TCP/UDP 135-139 and 445 (or
thereabouts). Microsoft's approach to ICF was indeed to tell everybody not to
use it except in perimeter defense, lest "problems with file and print sharing
can ensue".

Most security conscious folk today know that perimeter defense is not effective,
you have to have interior defense too, which is one of the reasons why WF comes
enabled on SP2. But if you're not on SP2, you have worse problems than I, and
most helpers here, can help with.

BTW, Lori, posting your email address openly will get you more unwanted email,
than wanted email. Learn to munge your email address properly, to keep yourself
a bit safer when posting to open forums. Protect yourself and the rest of the
internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm

--
Cheers,
Chuck
http://nitecruzr.blogspot.com/
Paranoia is not necessarily a bad thing - it's a normal response from experience.
My email is AT DOT
actual address pchuck sonic net.

 

[Guest]

Malke: Yes, that box was checked. I had checked it when setting up the
network because I wanted to be able to go online, or off, without having to
have the wife's machine online. In any case, seems that did not accomplish
anything as once I signed on, with my 'client' machine, the internet was
'automatically' connected to ... even though we had not requested to be
connected ... yet. So, I went ahead and simply added a shortcut into her
Start menu ... which accomodates me ... but seems to be superflous ...
considering the verbage on this checkbox.

In any case I have now unchecked this box.

But, if you can, why would this be the cause and effect? I ask this from an
'educational' aspect ... as in understanding these complex 'gray box' issues.

Thank you for this input.

doon

PS: The other postings regarding firewall on one or on both machines is
confusing to this 'old fart'. Wondering if I SHOULD ... or SHOULD NOT have a
firewall on BOTH machines.

 

[Chuck]

Malke: Yes, that box was checked. I had checked it when setting up the
network because I wanted to be able to go online, or off, without having to
have the wife's machine online. In any case, seems that did not accomplish
anything as once I signed on, with my 'client' machine, the internet was
'automatically' connected to ... even though we had not requested to be
connected ... yet. So, I went ahead and simply added a shortcut into her
Start menu ... which accomodates me ... but seems to be superflous ...
considering the verbage on this checkbox.

In any case I have now unchecked this box.

But, if you can, why would this be the cause and effect? I ask this from an
'educational' aspect ... as in understanding these complex 'gray box' issues.

Thank you for this input.

doon

PS: The other postings regarding firewall on one or on both machines is
confusing to this 'old fart'. Wondering if I SHOULD ... or SHOULD NOT have a
firewall on BOTH machines.

Doon,

You SHOULD have a firewall on each computer; if one is ever infected the
firewall could prevent infection spreading to the others. If you want to share
files between the two you have to setup the firewall to allow that.

Al is stuck in the pre-SP2 days.

--
Cheers,
Chuck
http://nitecruzr.blogspot.com/
Paranoia is not necessarily a bad thing - it's a normal response from experience.
My email is AT DOT
actual address pchuck sonic net.

 

[Guest]

Thanks Chuck ... from Chuck.

I do have ZP Suite on BOTH machines ... for just that reason. Just 'felt'
it appropriate ... considering what 'scum' is out there lurking and looking
for vulnerable machines.

Unfortunately, the adjustment I just did, from Malke's suggestion, seems to
not be making that much of a difference. Wife's machine has been online ...
and idle now for about the last half hour ... and when I log in, after a few
minutes, loose my ability to 'surf'.

doon ... aka Chuck

 

[Chuck]

Thanks Chuck ... from Chuck.

I do have ZP Suite on BOTH machines ... for just that reason. Just 'felt'
it appropriate ... considering what 'scum' is out there lurking and looking
for vulnerable machines.

Unfortunately, the adjustment I just did, from Malke's suggestion, seems to
not be making that much of a difference. Wife's machine has been online ...
and idle now for about the last half hour ... and when I log in, after a few
minutes, loose my ability to 'surf'.

doon ... aka Chuck

Well, Chuck,

You've sure got an interesting problem. Let's try and narrow down the scope.

When the symptoms start, is it all Internet? All websites? Do you have
anything besides one browser to check against? Can you try access by ip
address, not URL? By pinging not browsing?
From a command window:
1) Ping www.yahoo.com.
2) Ping 66.94.230.33.
Report success / exact text of error messages.
From your browser:
3) Browse www.yahoo.com.
4) Browse 66.94.230.33.
Report success / exact text of error messages.

Maybe get PingPlotter (free) from <http://www.pingplotter.com/>. Set
PingPlotter up regularly pinging your ISPs DNS server, or some other fixed
Internet target. When the problem starts happening, observe the ping traces,
and see if they reflect anything.

Maybe put Process Explorer (free) from
<http://www.sysinternals.com/ntw2k/freeware/procexp.shtml>, on both computers,
and watch various displays on PE, when the problems starts happening. Is the
host running any software, like a screensaver, or AntiVirus program? I have
Avast on two of my computers, and I notice that some days, when the screensaver
kicks in on my third computer, one of the Avast programs drags performance down
like crazy.

Your experience is why I preach Get Rid of ICS.
<http://nitecruzr.blogspot.com/2005/05/ics-is-ok-but-you-can-do-better.html>

--
Cheers,
Chuck
http://nitecruzr.blogspot.com/
Paranoia is not necessarily a bad thing - it's a normal response from experience.
My email is AT DOT
actual address pchuck sonic net.

 

[Guest]

Chuck: Not too astute at this ... but will try........

In Command mode, ping Yahoo.com came back with a 4 line message addreessing
ip address #66.94.230.50 ... and a bunch of other numbers, statistics, etc..

As for symptoms, if I understand, when I initially get on line via the
gateway machine, I have unfettered internet access.

I'll just send this for now to see if it makes any sense to you so far.
Then, I'll go over to your site to see what you say about ICS.
Unfortunately, in the very small town we live in, which incidentally happens
to be the same town that Jesse Brinkley of The Contender show ... on tonite
at 8:00 ... is from, our choices are extremelyk limited. Dial-up is the ONLY
thing available to 'us country folks'.
Chuck


Chuck

 

[Chuck]

Chuck: Not too astute at this ... but will try........

In Command mode, ping Yahoo.com came back with a 4 line message addreessing
ip address #66.94.230.50 ... and a bunch of other numbers, statistics, etc..

As for symptoms, if I understand, when I initially get on line via the
gateway machine, I have unfettered internet access.

I'll just send this for now to see if it makes any sense to you so far.
Then, I'll go over to your site to see what you say about ICS.
Unfortunately, in the very small town we live in, which incidentally happens
to be the same town that Jesse Brinkley of The Contender show ... on tonite
at 8:00 ... is from, our choices are extremelyk limited. Dial-up is the ONLY
thing available to 'us country folks'.
Chuck


Chuck

Chuck,

I have to sympathise with you over the DSL bit. This country is falling behind
the rest of the world WRT broadband availability, thanks to phone companies that
are unregulated monopolies.

I live in the middle of suburbia, and I'm 3 miles away from the telephone CO.
Yet I have very slow DSL, and the phone company warns me that if I complain I'll
have no DSL. They "measure me" at 5 miles away, which means that they manage
their cabling and mess up my signal to the tune of 2 miles, or a 66% distance
increase. The Utilities Commission states that they don't regulate DSL, so I'm
out of luck.

Where did you "send this"?

--
Cheers,
Chuck
http://nitecruzr.blogspot.com/
Paranoia is not necessarily a bad thing - it's a normal response from experience.
My email is AT DOT
actual address pchuck sonic net.

 

[Guest]

I'm sorry. Don't understand the question, "Where did I send this?" If you
mean where did I send it from, Yerington, Nv ... Jessee's home town ... in
fact, lives just around the corner from us.

If you meant where did I send the response ... to you via Reply in the MSN
message.

Did the response I sent regarding the ping process answer your question? If
so, is there something I should be doing to try and address my inactivity
after a certain period of inactivity on the part of the wife's gateway
machine ... as in MASTER ... with mine being SLAVE.
Chuck

 

[Chuck]

I'm sorry. Don't understand the question, "Where did I send this?" If you
mean where did I send it from, Yerington, Nv ... Jessee's home town ... in
fact, lives just around the corner from us.

If you meant where did I send the response ... to you via Reply in the MSN
message.

Did the response I sent regarding the ping process answer your question? If
so, is there something I should be doing to try and address my inactivity
after a certain period of inactivity on the part of the wife's gateway
machine ... as in MASTER ... with mine being SLAVE.
Chuck

I wonder where MSN sent it? I don't use MSN, I post to Usenet like most geeks.

My email address is at the bottom of this message. Please don't repeat it here,
just email to it.

--
Cheers,
Chuck
http://nitecruzr.blogspot.com/
Paranoia is not necessarily a bad thing - it's a normal response from experience.
My email is AT DOT
actual address pchuck sonic net.