twixt
join:2004-06-27
North Vancouver, BC | reply to micoteck
Re: Interesting problem with Shaw internet - anyone said by micoteck :
For past 3-4 years it has worked flawlessly. No issues, everyone is happy. Now, all of a sudden, every few days, one, or two or three of the IPs disappear (it is random).
they lose their bindings to NIC subsequently inbound connections from internet are dropped. and connection from windows to internet drop. When this occurs, at least one or two of the IPs remain functional, so i know that system, or modem or default gateway has not crashed. It is very puzzling. traffic or services specified bound to disappeared IPs stop, while other traffic bound to IP that is active on modem continue to work.
During one of these epesodes, When speaking to level-1 support, they can see the modem, confirm that missing IPs have dropped and inacessible, but cannot offer any explanation.
Modem signals are in green and no issues there. Can anyone here help? Please. Rebooting the windows or modem doesn’t fix problem. Sometimes after a reboot, a different permutation of
IPs remain active and others disappear. It is very strange.
I have replaced Shaw modem with a new modem. And Shaw has re provisioned it again with same IPs. Replaced network cable also, replaced 3com NIC also and performed windows update as well, but problem continues. Please help and give me some suggestions as what could be wrong. Problem started about a month ago...
One Possibility:
Most ISPs do not actually have Static IPs. They simply configure their DHCP Server to *reserve* a particular IP address or set of IP addresses for your particular cablemodem Serial Number.
One of the ways that ISPs can check for fraud is to see whether multiple IP addresses are assigned to the same cablemodem Serial Number. If more than one IP address is assigned the same cablemodem Serial Number, the DHCP server can be instructed to devalidate or refuse to renew the IP address for suspected-pirate IP addresses.
Because your situation is non-standard, the security protocols used for Shaw's DHCP Servers must be modified to allow the security system to pass and accept your multiple IP addresses on the same cablemodem Serial Number. If not, the fraud-detection system will detect you as a pirate and quite properly disconnect you.
It is possible that Shaw has recently either implemented the above protection for the first time, updated their existing fraud-protection and mismanaged the upgrade, or there is a configuration error in their fraud-protection system for your account. This will require further investigation.
Note: It is highly probably that the standard techdroids at the end of the phone lines will know little-to-nothing about Shaw's fraud-protection schemes. These things are commonly kept secret - based on the "security by obscurity" principle.
Another possibility:
Vulnerabilities in DNS have led to widespread DNS-poisoning opportunities. Improvements in the DNS assignment-randomization process have been implemented to make DNS-poisoning more difficult. These updates have been implemented on both Client (you) and Server (Shaw) sides of the connection.
Check to see if any of Microsoft's security updates to your Server are implicated in regards to DNS issues. (Read the caveats for those updates and check for compatibility issues that Microsoft is already aware of - and implement the recommended modifications as noted in the Microsoft KB article for the affected update if your issue is noted in an appropriate article.)
If reconfiguration on your end cannot solve the problem (or there is no applicable Microsoft-supported modification as mentioned above), there may be a compatibility issue between the way those security updates have been implemented by Microsoft and the manner in which Shaw's security protocols defending against DNS-poisoning are reacting to your multiple IP addresses with the same MAC address.
If this is the case, then similarly to the above, there will have to be manual intervention and configuration of the DNS-poisoning defences on Shaw's side - in order to allow your particular configuration's data-packets to pass unmolested.
Recommendations:
You'll need to talk to someone on at least Tier2, probably Tier3 before anyone can converse with you intelligently. Good luck trying to get past the gates - there is a high probability that nobody at the level which you are talking to currently will have a clue that something like what I've described above even exists. |
