Thursday, August 2, 2018

Network saturation (RX) to all LAN machines... ?

tl;dr - Can unmanaged switches be plugged together in such a way that they nuke the network?

We have an office LAN of 30ish devices and all of a sudden the desktop machines lose their internet connections and show massive RX traffic on their network adapters - to such an extent that the PCs themselves got sluggish, and these are powerful i7s.

Fearing the worst I went and unplugged the modem and WiFi AP. No change. Rather than log on to each managed switch, I went through unplugging cables and isolated the source of the network traffic to a single connection.

This connection, it turns out, goes off to a little nest of 5 unmanaged switches which connected together about 10 IP cameras and 7 PCs. Having isolated this little cluster, the chaps working there (the MD and a colleague, trusted and definitely not trying to do anything nefarious) unplugged everything, so by the time I went back over having plugged the rest of the network back in it was impossible to see what might be going on.

I've now systematically plugged everything back in on that little cluster of stuff (not connected to the LAN) and all seems fine. Similarly, connecting it all back to the LAN through the same cable and everything seems OK. Virus scans of each of the PCs show nothing abnormal and all were set up with firewalls and scanners active. I will probably nuke them anyway but the chaps here reckoned it all started when they might have accidentally plugged their unmanaged switches in 'weirdly' to cause some kind of crazy loopback or switch confusion that might have blitzed the network...

I have never heard of / experienced such a failure mode but if anybody has come across weirdnesses like this I figure they might be here! Any ideas?


