Problems with misconfigured Windows OS #695
Comments
Hi Maticb, thank you for your observations. Can you please clarify, what makes you conclude this is a DDOS attack? DDOS attacks target servers. Second question: which DNS servers were you using? This matters too.
(Sorry, let's replace DDOS with DOS, which makes more sense, since it wasn't distributed) I don't know what it was, I just assumed DOS. I tried the default DNS (ISP's), and also the Google DNS (8.8.8.8 and 8.8.4.4). Because I have figured out months ago, that there was something wrong with the DNS requests. If you had, for example, Facebook open, you could use the chat, but couldn't open any other page e.g. youtube.com, because it couldn't resolve the IP. So last week, I installed this hosts file again (after having a fresh Windows install for 2 months, and no connection issues). The issues started to gradually come back, and because this time I knew the only change I did last week on my computer was this file, and Wireshark returned a bunch of DNS packets, returning something 0.0.0.0-in-addr.arpa (I do not have the logs sadly, but I know it was this 100%), which AFAIK has something to do with a reverse DNS? I am really lost here, but as I said, everything works perfectly normal from the exact moment of removing the hosts file. I also noticed high CPU usage of the Windows "DNS Client resolver". EDIT: Actually perhaps I worded this badly, or anyway, basically just thinking out loud here, because this is completely baffling me. What I meant by DOS, is my PC sending a lot of DNS requests, until the DNS servers "grew tired" of me and started blocking me in the firewall? (hence DOS <- meaning I "unintentionally" triggered it)?
This reminds me of #411 (Awesome discussion) and my comment #411 (comment) 😄
@maticb to clarify, this isn't DOS at all. It's just not true that your hosts file somehow, magically, triggers a denial of service attack, distributed or not. Just so we're clear.
@StevenBlack, yup I am pretty sure it can't actually trigger a large scale DDOS, feel free to rename the issue to something else.
@maticb or... you can rename the issue as it becomes more clear? When you've discovered the root problem, you can close the issue too, leaving a summary.
@StevenBlack, yes, sorry, just realized I can rename issues myself :) I will try to find out as much as I can, and report back.
@maticb there, I fixed it for you. 😄
I'm extremely baffled that 1 PC that's seemingly not used as a connection sharer makes other PCs lose connectivity through its hosts file.
@StevenBlack :D @rautamiekka So am I. The issue #411 that was linked before, actually kind of clarified things. I noticed complete or partial blank outs of DNS resolving, on a consistent schedule, which seems to prove that it was the Windows DNS cache running. Now to clarify, also considering how @StevenBlack renamed the issue (I know you might be a tad sarcastic there too :D ), this is not something that I configured. While I am a full-time developer, I only know the very basics of networking and stuff like DNS, which is why I can assure you I never fiddled with anything, aside from using these entries in the hosts file. Taking that into account, and considering I am not the only one reporting this, it would seem fair to give Windows users a warning, that this might cause serious issues in network connectivity, no? We've had technicians from the ISP here, their call center technicians just said "Yes, we can see some fluctuations in the (coax) connection". They replaced our router, and gave us 3 months of -50% on the monthly payments because they couldn't find the issue. My theory here being, that in my old place, we had 100/10 fiber, which had the capacity to handle all my DNS updates, while the coax 150/4 connection in conjunction with some network settings, caused timeouts and/or firewall blockades somewhere.
Closing this; not our issue.
This is more of a warning than an issue:
I have been using this file to block ads for a while now. But some time ago I have moved to a new apartment, where I had a different provider, I also had to downgrade from Fiber to Coax (Provider telemach. in Slovenia).
I've of course brought over my computer from before, and had constant issues with DNS timeouts on the network, all the clients were having trouble connecting to websites, because they didn't receive the DNS query.
Now, because I don't want to write down the whole story of 6 months of annoying the ISP and calling them on a daily basis (even paying 50% off for a couple months). It ended up being this file. I have no idea which program, perhaps even somewhere in Windows core (I have a good antivirus, so this was not malicious), and my Windows install was CLEAN, only installing Firefox and some development tools.
After removing the entries in my hosts file, network problems went away entirely.
I spent 6 months being annoyed by this, the thought had never crossed my mind, until I reinstalled Windows and traced back the start time of my issues back to the adding of hosts entries in this file.
PLEASE, add a warning. I have literally spent hours and hours arguing with my roommates and debugging the network, all because of this file.
I still have no idea what exactly is causing this issue, if it's the network provider doing something funky with the DNS, or perhaps even my router.
I only know that 110% at the exact moment of removing hosts entries everything works.
My best guess is that there is some app, somewhere deep inside the bowels of my system, that somehow unintentionally pulled off a DOS (on my own network).