Koozali.org: home of the SME Server

Internet / Mail Stops working

janst

« on: June 05, 2007, 06:44:38 AM »
Hi, I have viewed the question asked by Mortale relating to this problem and could not find a resolution.
My box has started displaying the same symptoms.
It runs fine sometimes for days and at other times it only lasts hours before internet and mail no longer function.
I am running a Dell 4600 machine with a 2.6GHz CPU, 1 gig RAM and 2x 80 gig disks in RAID.
My connection to the internet is via a Motorola Surfboard cable modem on the wonderful Telstra network (BPALogin and its associated issues).
Hard disk usage is at 14% and access to the console is possible when the internet connection is lost.
I have replaced the NIC and downed and upped the device with no luck. Only a system reboot seems to resolve the problem.
Any help would be appreciated.

mmccarn

« Reply #1 on: June 05, 2007, 04:01:38 PM »
It would be nice to include the post you are referencing in your query: http://forums.contribs.org/index.php?topic=36904.0

Here's a post of mine from Nov '06 about server slowdown/freezeup: http://forums.contribs.org/index.php?topic=34420.0  You might want to look at it to compare symptoms, but in that post my problem turned out to be that I couldn't read the manual (inadequate hardware, which is not your problem).

I had another SME (7.0) that behaved similarly when one of my other local hosts had been hacked and turned into a spam relay.  The SME box somehow filled up with messages that were trying to be delivered to tarpit hosts - if I rebooted the server I'd get email for about 5 minutes, then it would lock up again and tail -f /var/log/qpsmtpd/current would show only 'Too many connections: 40 >=40. Waiting one second'.

I know my SME was trying to deliver to tarpits because if I ran netstat -an | grep :25.*EST to show me the active connections to or from port 25 I would get a huge list (60 or more entries).  If I then did some research on the IP addresses in the right-hand column, they were all related to spam filtering services, with some specifically mentioning 'tarpitting' as one of their anti-spam techniques.

In a default SME configuration your SME box will be providing SMTP proxy services for internal hosts -- so if you have any compromised internal hosts the mail will first go to the SME, then go to the Internet.

So, I'd do this:
  • Run the command listed above (netstat -an | grep :25.*EST). On a well-running SME that handles 9,000 emails a day this typically shows 4 or less active SMTP connections at any one time.
  • Examine /var/log/qpsmtpd/current for error messages
  • Examine /var/log/qmail/current for error messages
  • Run top, identify the process that is hogging system resources, then examine the log file for that process.
  • Let us know what you find.

I think that the resolution in Mortale's original post included new hardware and OS updates...

mike_mattos

« Reply #2 on: June 05, 2007, 08:58:18 PM »
I just 'discovered' a new wrinkle today with VPN....

I used VPN at my workstation, where I am also running Dynsite in case my cable IP changes, which is quite unusual, but since I've paid for Dynsite, I may as well use it!

I VPN'd to a client, and Dynsite popped up to revise my Dynamic Name Service to the IP of my client!  And of course my e-mail server was 'updated', so I didn't get any mail for a while!

Good news is, Dynsite also fixed the problem when I disconnected the VPN connection, but who knew?
...

mmccarn

« Reply #3 on: June 05, 2007, 10:42:00 PM »
mike_mattos: Are you sure this is the topic you meant to post to?  If you edit your VPN client properties and un-check 'use default gateway on remote network' then dynsite won't register a new IP when you use your VPN.

janst

« Reply #4 on: June 06, 2007, 11:55:17 AM »
Quote from: "mmccarn"
It would be nice to include the post you are referencing in your query: http://forums.contribs.org/index.php?topic=36904.0

Yep that's the one


Here's a post of mine from Nov '06 about server slowdown/freezeup: http://forums.contribs.org/index.php?topic=34420.0  You might want to look at it to compare symptoms, but in that post my problem turned out to be that I couldn't read the manual (inadequate hardware, which is not your problem).

Thanks, read this but it didn't make too much sense. I am only a novice but have been running e-smith since ver 4. (Never had any issues until ver 7.)

I had another SME (7.0) that behaved similarly when one of my other local hosts had been hacked and turned into a spam relay.  The SME box somehow filled up with messages that were trying to be delivered to tarpit hosts - if I rebooted the server I'd get email for about 5 minutes, then it would lock up again and tail -f /var/log/qpsmtpd/current would show only 'Too many connections: 40 >=40. Waiting one second'.

 tail -f /var/log/qpsmtpd/current
@4000000046667ef8138df564 4824 trying to get config for badrcptto
@4000000046667ef81398a7ac 4824 Plugin check_badrcptto, hook rcpt returned DECLINED,
@4000000046667ef8139b18ac 4824 running plugin (rcpt): check_goodrcptto
@4000000046667ef8139eaea4 4824 check_goodrcptto plugin: stripping '-' extensions
@4000000046667ef813a1526c 4824 trying to get config for goodrcptto
@4000000046667ef813b41eec 4824 check_goodrcptto plugin: address includes extn '-', checking users: natashamargolis
@4000000046667ef813c086b4 4824 check_goodrcptto plugin: recipient natashamargolis@coastbiz.com denied
@4000000046667ef813c4f76c 4824 Plugin check_goodrcptto, hook rcpt returned DENY, invalid recipient natashamargolis@coastbiz.com
@4000000046667ef813c7c244 4824 550 invalid recipient natashamargolis@coastbiz.com
@4000000046667ef91116fe0c 4055 cleaning up after 4824


I know my SME was trying to deliver to tarpits because if I ran netstat -an | grep :25.*EST to show me the active connections to or from port 25 I would get a huge list (60 or more entries).  If I then did some research on the IP addresses in the right-hand column, they were all related to spam filtering services, with some specifically mentioning 'tarpitting' as one of their anti-spam techniques.

In a default SME configuration your SME box will be providing SMTP proxy services for internal hosts -- so if you have any compromised internal hosts the mail will first go to the SME, then go to the Internet.

So, I'd do this:
  • Run the command listed above (netstat -an | grep :25.*EST). On a well-running SME that handles 9,000 emails a day this typically shows 4 or less active SMTP connections at any one time.

    tcp        0      0 203.45.252.173:25           203.134.154.246:51466       ESTABLISHED  (was all that came up)
  • Examine /var/log/qpsmtpd/current for error messages
Last entries show:

@4000000046667ffc22059e1c 4889 running plugin (rcpt): check_goodrcptto
@4000000046667ffc220918bc 4889 check_goodrcptto plugin: stripping '-' extensions
@4000000046667ffc220bc454 4889 trying to get config for goodrcptto
@4000000046667ffc221e69c4 4889 check_goodrcptto plugin: address includes extn '-', checking users: coastbiz.comhapiro
@4000000046667ffc222acda4 4889 check_goodrcptto plugin: recipient coastbiz.comhapiro@coastbiz.com denied
@4000000046667ffc222f1f1c 4889 Plugin check_goodrcptto, hook rcpt returned DENY, invalid recipient coastbiz.comhapiro@coastbiz.com
@4000000046667ffc2231d66c 4889 550 invalid recipient coastbiz.comhapiro@coastbiz.com
@4000000046667ffd2703ffbc 4055 cleaning up after 4889


  • Examine /var/log/qmail/current for error messages


Last entries show:

@4000000046667fc311b155c4 starting delivery 13: msg 6029314 to local jan-junkmail@coastbiz.coastbiz.com
@4000000046667fc311b18c74 status: local 2/10 remote 0/20
@4000000046667fc311b22c9c delivery 12: success: forward:_qp_4880/did_0+0+1/
@4000000046667fc311b41cb4 status: local 1/10 remote 0/20
@4000000046667fc311b5c67c end msg 6029313
@4000000046667fc312a9001c delivery 13: success: did_1+0+1/
@4000000046667fc312aaf034 status: local 0/10 remote 0/20
@4000000046667fc312abe64c end msg 6029314


  • Run top, identify the process that is hogging system resources, then examine the log file for that process.

    Output from top:
    top - 19:45:06 up 38 min,  1 user,  load average: 0.00, 0.00, 0.00
    Tasks: 168 total,   1 running, 167 sleeping,   0 stopped,   0 zombie
    Cpu(s):  0.0% us,  0.0% sy,  0.0% ni, 99.8% id,  0.2% wa,  0.0% hi,  0.0% si
    Mem:   1025968k total,   271536k used,   754432k free,    17908k buffers
    Swap:  2031608k total,        0k used,  2031608k free,   109492k cached

      PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
     4913 root      16   0  3848 1004  760 R    0  0.1   0:00.17 top
        1 root      16   0  2556  628  540 S    0  0.1   0:00.58 init
        2 root      RT   0     0    0    0 S    0  0.0   0:00.00 migration/0
        3 root      34  19     0    0    0 S    0  0.0   0:00.00 ksoftirqd/0
        4 root      RT   0     0    0    0 S    0  0.0   0:00.00 migration/1
        5 root      34  19     0    0    0 S    0  0.0   0:00.00 ksoftirqd/1
        6 root       5 -10     0    0    0 S    0  0.0   0:00.00 events/0
        7 root       5 -10     0    0    0 S    0  0.0   0:00.00 events/1
        8 root       5 -10     0    0    0 S    0  0.0   0:00.00 khelper
        9 root      15 -10     0    0    0 S    0  0.0   0:00.00 kacpid
       27 root       5 -10     0    0    0 S    0  0.0   0:00.00 kblockd/0
       28 root       5 -10     0    0    0 S    0  0.0   0:00.00 kblockd/1
       29 root      15   0     0    0    0 S    0  0.0   0:00.06 khubd
       46 root      20   0     0    0    0 S    0  0.0   0:00.00 pdflush
       47 root      15   0     0    0    0 S    0  0.0   0:00.02 pdflush
       49 root       7 -10     0    0    0 S    0  0.0   0:00.00 aio/0
       50 root       7 -10     0    0    0 S    0  0.0   0:00.00 aio/1

  • Let us know what you find.

So Michael, I think that's it, but it's all pretty much foreign to me.  Whilst composing this reply it went down again.  Not sure what to do next.

Thanks
Jan

I think that the resolution in Mortale's original post included new hardware and OS updates...

mmccarn

« Reply #5 on: June 06, 2007, 12:38:35 PM »
We would need to see the results of the various commands while the system is 'down' -- while it is 'up' everything will look normal.

Do the results you posted indicate an 'up' condition or a 'down' condition?

Also, have you run a RAM test on your system (included on the SME boot CD, I think...)

janst

« Reply #6 on: June 08, 2007, 08:28:18 AM »
Quote from: "mmccarn"
We would need to see the results of the various commands while the system is 'down' -- while it is 'up' everything will look normal.

Do the results you posted indicate an 'up' condition or a 'down' condition?

Also, have you run a RAM test on your system (included on the SME boot CD, I think...)


Hi There,

The following results were taken during the 'down state'.

netstat -an |grep :25.*EST
udp        0      0 203.45.252.173:2577         192.33.14.30:53             ESTABLISHED
udp        0      0 203.45.252.173:2585         202.12.27.33:53             ESTABLISHED
udp        0      0 203.45.252.173:25754        192.26.92.30:53             ESTABLISHED
udp        0      0 203.45.252.173:25266        192.33.4.12:53              ESTABLISHED
udp        0      0 203.45.252.173:25529        192.228.79.201:53           ESTABLISHED
udp        0      0 203.45.252.173:25292        192.33.4.12:53              ESTABLISHED

tail /var/log/qmail/current
@400000004668a891230bf644 new msg 6029314
@400000004668a891230c09cc info msg 6029314: bytes 7938 from <CKelhear@mfsgroup.com.au> qp 4788 uid 400
@400000004668a891235fabf4 starting delivery 8: msg 6029314 to local jan@coastbiz.coastbiz.com
@400000004668a891235fdebc status: local 2/10 remote 0/20
@400000004668a891236082cc delivery 7: success: forward:_qp_4788/did_0+0+1/
@400000004668a8912361e25c status: local 1/10 remote 0/20
@400000004668a8912362e814 end msg 6029313
@400000004668a89123f50a3c delivery 8: success: did_1+0+1/
@400000004668a89123f521ac status: local 0/10 remote 0/20
@400000004668a89123f5314c end msg 6029314

tail  /var/log/qpsmtpd/current
@400000004668abba0bd7f5a4 4812 trying to get config for badrcptto
@400000004668abba0be288ac 4812 Plugin check_badrcptto, hook rcpt returned DECLINED,
@400000004668abba0be520bc 4812 running plugin (rcpt): check_goodrcptto
@400000004668abba0be98d8c 4812 check_goodrcptto plugin: stripping '-' extensions
@400000004668abba0beca29c 4812 trying to get config for goodrcptto
@400000004668abba0bffb56c 4812 check_goodrcptto plugin: address includes extn '-', checking users: hapiro
@400000004668abba0c0c964c 4812 check_goodrcptto plugin: recipient hapiro@coastbiz.com denied
@400000004668abba0c10e3dc 4812 Plugin check_goodrcptto, hook rcpt returned DENY, invalid recipient hapiro@coastbiz.com
@400000004668abba0c1427cc 4812 550 invalid recipient hapiro@coastbiz.com
@400000004668abbb0ef2c264 4094 cleaning up after 4812

top
top - 11:29:37 up 46 min,  1 user,  load average: 0.04, 0.02, 0.00
Tasks: 166 total,   1 running, 165 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.2% us,  0.2% sy,  0.0% ni, 99.7% id,  0.0% wa,  0.0% hi,  0.0% si
Mem:   1025968k total,   263800k used,   762168k free,    18172k buffers
Swap:  2031608k total,        0k used,  2031608k free,    99608k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 4865 root      16   0  3260 1000  760 R    0  0.1   0:00.05 top
    1 root      16   0  2352  628  540 S    0  0.1   0:00.58 init
    2 root      RT   0     0    0    0 S    0  0.0   0:00.00 migration/0
    3 root      34  19     0    0    0 S    0  0.0   0:00.00 ksoftirqd/0
    4 root      RT   0     0    0    0 S    0  0.0   0:00.00 migration/1
    5 root      34  19     0    0    0 S    0  0.0   0:00.00 ksoftirqd/1
    6 root       5 -10     0    0    0 S    0  0.0   0:00.00 events/0
    7 root       5 -10     0    0    0 S    0  0.0   0:00.00 events/1
    8 root       5 -10     0    0    0 S    0  0.0   0:00.00 khelper
    9 root      15 -10     0    0    0 S    0  0.0   0:00.00 kacpid
   27 root       5 -10     0    0    0 S    0  0.0   0:00.00 kblockd/0
   28 root       5 -10     0    0    0 S    0  0.0   0:00.00 kblockd/1
   29 root      15   0     0    0    0 S    0  0.0   0:00.06 khubd
   46 root      20   0     0    0    0 S    0  0.0   0:00.00 pdflush
   47 root      16   0     0    0    0 S    0  0.0   0:00.02 pdflush
   49 root       7 -10     0    0    0 S    0  0.0   0:00.00 aio/0
   50 root       7 -10     0    0    0 S    0  0.0   0:00.00 aio/1

Also the RAM test was all clear. (left it running for about 15 min)

Thanks for the help so far.

mmccarn

« Reply #7 on: June 08, 2007, 02:56:47 PM »
Maybe we should widen the search for the list of established connections.  Try this:
Code:
netstat -an | grep EST
The sample you've provided shows lots of DNS queries (UDP connection; remote port is 53), but we only caught them because the supposedly random local port numbers begin with 25 (":2577", ":2585").

If you have RHSBL enabled you may want to turn it off (this is advice I received in the topic I posted earlier)
Code:
config setprop qpsmtpd RHSBL disabled

JonB, in the same topic, found that the number of DNS queries generated by the RHSBL function was overloading his ADSL "modem" (I'm paraphrasing here...) and talks specifically about problems with "PPPoA" connections (with which I am unfamiliar).

Do you know if the RAM test ran at least one complete cycle in 15 minutes?  I've never used the SME RAM test, so I don't know how long it should take.
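
Added example (not part of mmccarn's post and not SME Server code): the pattern `grep :25.*EST` also matches local ports that merely begin with 25, as noted above, so this sketch compares port numbers exactly and counts SMTP and DNS entries separately. The sample lines are constructed with documentation address ranges, and the function names and the default threshold of 4 (from the "4 or less" rule of thumb earlier in the thread) are assumptions.

```shell
#!/bin/sh
# Triage of `netstat -an` output by exact port, not by substring.

# Constructed sample in the same column layout as the output in this thread.
sample_netstat() {
cat <<'EOF'
tcp        0      0 192.0.2.10:25               198.51.100.7:51466          ESTABLISHED
tcp        0      0 192.0.2.10:33127            203.0.113.5:25              ESTABLISHED
tcp        0      0 192.0.2.10:2577             203.0.113.9:80              ESTABLISHED
udp        0      0 192.0.2.10:2585             198.51.100.53:53            ESTABLISHED
udp        0      0 192.0.2.10:25754            198.51.100.53:53            ESTABLISHED
udp        0      0 192.0.2.10:44417            203.0.113.53:53             ESTABLISHED
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN
EOF
}

# The loose pattern from the thread, kept for comparison: it counts every
# line whose local or remote port starts with "25".
loose_grep_count() {
    grep -c ':25.*EST'
}

# Exact classification. The port is the text after the last ':' of the
# address field, so ":2577" is never mistaken for port 25.
# Prints one line: smtp_in=N smtp_out=N dns=N
classify_established() {
    awk '
    function port(addr,   n, parts) { n = split(addr, parts, ":"); return parts[n] }
    $NF == "ESTABLISHED" {
        lp = port($4); rp = port($5)
        if ($1 ~ /^tcp/ && lp == "25")      smtp_in++    # remote host talking to our SMTP listener
        else if ($1 ~ /^tcp/ && rp == "25") smtp_out++   # our host delivering mail outward
        else if ($1 ~ /^udp/ && rp == "53") dns++        # outstanding DNS queries
    }
    END { printf "smtp_in=%d smtp_out=%d dns=%d\n", smtp_in, smtp_out, dns }'
}

# Remote peers for one remote port, most frequent first, as "count ip".
# Useful for looking up who the far end is (for example tarpit hosts on
# port 25, or resolvers on port 53).
peers_by_remote_port() {
    awk -v want="$1" '
    $NF == "ESTABLISHED" {
        n = split($5, p, ":")
        if (p[n] == want) {
            ip = substr($5, 1, length($5) - length(p[n]) - 1)
            c[ip]++
        }
    }
    END { for (ip in c) print c[ip], ip }' | sort -k1,1nr -k2,2
}

# Compare total SMTP connections with a threshold (assumed default: 4).
# Prints "normal N" or "investigate N".
smtp_status() {
    limit=${1:-4}
    classify_established | awk -v limit="$limit" '{
        split($1, a, "="); split($2, b, "=")
        total = a[2] + b[2]
        verdict = (total > limit) ? "investigate" : "normal"
        print verdict, total
    }'
}

# Demo on the constructed sample. On a live host, pipe real output instead:
#   netstat -an | classify_established
sample_netstat | classify_established
```

A large `smtp_out` count points at the outbound delivery pile-up described in Reply #1, while a large `dns` count with few SMTP entries matches the RHSBL lookup load discussed in this reply.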

mike_mattos

« Reply #8 on: June 08, 2007, 08:29:19 PM »
mmccarn said don't 'use default gateway on remote network'

I posted to this thread as an example of killing email and the web site randomly (as in, no email arrives, people cannot see my web site after I made the VPN connection).

I just looked at the XP connection properties, also remote desktop options, and don't see the default gateway option
...

mmccarn

« Reply #9 on: June 09, 2007, 06:52:41 PM »
Quote
mmccarn said don't 'use default gateway on remote network'
In Win2k/XP, open the properties for your VPN connection, then open the properties for the TCP/IP protocol (on the 'Networking' tab), then click the 'Advanced' button, then take the check-mark away from 'Use default gateway on remote network'.

With this option selected, Windows changes your default gateway as soon as you connect to the VPN in order to route all traffic not intended for your local network to the remote VPN endpoint.

With this option de-selected, Windows will route only traffic intended for the subnet to which your VPN is connected over the VPN - all other traffic will be delivered according to the pre-VPN-connection rules (local network traffic delivered directly, non-local traffic routed to your local 'default gateway').

I apologize for mis-understanding your earlier post; you are completely correct: Odd VPN settings from the server might disable direct IP communications, and odd VPN settings from a workstation running a Dynamic DNS client could prevent email delivery.

janst

« Reply #10 on: June 11, 2007, 12:49:32 PM »
Quote from: "mmccarn"
Maybe we should widen the search for the list of established connections.  Try this:
Code:
netstat -an | grep EST
The sample you've provided shows lots of DNS queries (UDP connection; remote port is 53), but we only caught them because the supposedly random local port numbers begin with 25 (":2577", ":2585").

If you have RHSBL enabled you may want to turn it off (this is advice I received in the topic I posted earlier)
Code:
config setprop qpsmtpd RHSBL disabled

JonB, in the same topic, found that the number of DNS queries generated by the RHSBL function was overloading his ADSL "modem" (I'm paraphrasing here...) and talks specifically about problems with "PPPoA" connections (with which I am unfamiliar).

Do you know if the RAM test ran at least one complete cycle in 15 minutes?  I've never used the SME RAM test, so I don't know how long it should take.


Hi Michael,

the following is the netstat output soon after it went down.
# netstat -an |grep EST
tcp        0     55 203.45.252.173:25           124.90.17.108:39065         ESTABLISHED
tcp        0      0 192.168.1.1:3128            192.168.1.212:4210          ESTABLISHED
tcp        0      0 203.45.252.173:33127        61.9.208.13:5050            ESTABLISHED
tcp        0      0 192.168.1.1:3128            192.168.1.212:4283          ESTABLISHED
tcp        0      0 192.168.1.1:22              192.168.1.212:4230          ESTABLISHED
tcp        0      0 203.45.252.173:33151        216.17.211.37:80            ESTABLISHED
tcp        0      0 192.168.1.1:3128            192.168.1.212:4326          ESTABLISHED
tcp        0      0 192.168.1.1:3128            192.168.1.212:4094          ESTABLISHED
tcp        0      0 192.168.1.1:139             192.168.1.212:4042          ESTABLISHED
tcp        0      0 192.168.1.1:3128            192.168.1.212:4292          ESTABLISHED
tcp        0      0 192.168.1.1:3128            192.168.1.212:4289          ESTABLISHED
udp        0      0 127.0.0.2:21632             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:25601        65.54.240.126:53            ESTABLISHED
udp        0      0 203.45.252.173:44417        207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:12418        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:1027         192.0.34.43:53              ESTABLISHED
udp        0      0 203.45.252.173:24067        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:46211        202.12.29.59:53             ESTABLISHED
udp        0      0 203.45.252.173:39427        64.233.167.9:53             ESTABLISHED
udp        0      0 203.45.252.173:31108        139.91.1.10:53              ESTABLISHED
udp        0      0 203.45.252.173:24580        64.233.167.9:53             ESTABLISHED
udp        0      0 203.45.252.173:62212        65.55.238.126:53            ESTABLISHED
udp        0      0 203.45.252.173:32517        207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:48263        192.0.34.126:53             ESTABLISHED
udp        0      0 203.45.252.173:62727        213.199.161.77:53           ESTABLISHED
udp        0      0 203.45.252.173:3463         216.239.38.10:53            ESTABLISHED
udp        0      0 203.45.252.173:59400        207.46.66.126:53            ESTABLISHED
udp        0      0 203.45.252.173:30601        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:28170        64.233.161.9:53             ESTABLISHED
udp        0      0 203.45.252.173:59402        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:38283        202.12.29.59:53             ESTABLISHED
udp        0      0 203.45.252.173:37131        216.239.34.10:53            ESTABLISHED
udp        0      0 203.45.252.173:43403        207.68.160.190:53           ESTABLISHED
udp        0      0 127.0.0.2:17163             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:17164        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:40333        207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:24845        207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:51854        64.233.167.9:53             ESTABLISHED
udp        0      0 203.45.252.173:57231        207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:39567        64.233.167.9:53             ESTABLISHED
udp        0      0 203.45.252.173:33936        65.55.238.126:53            ESTABLISHED
udp        0      0 203.45.252.173:28689        65.55.238.126:53            ESTABLISHED
udp        0      0 203.45.252.173:20369        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:16145        216.239.32.10:53            ESTABLISHED
udp        0      0 127.0.0.2:19217             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:50065        207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:2963         64.233.161.9:53             ESTABLISHED
udp        0      0 203.45.252.173:53140        192.0.34.126:53             ESTABLISHED
udp        0      0 203.45.252.173:49172        64.233.161.9:53             ESTABLISHED
udp        0      0 203.45.252.173:26388        207.46.66.126:53            ESTABLISHED
udp        0      0 203.45.252.173:20372        64.233.167.9:53             ESTABLISHED
udp        0      0 203.45.252.173:10134        207.46.66.126:53            ESTABLISHED
udp        0      0 203.45.252.173:50070        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:35223        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:61591        209.85.137.9:53             ESTABLISHED
udp        0      0 127.0.0.2:28823             127.0.0.2:53                ESTABLISHED
udp        0      0 127.0.0.2:31639             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:25367        216.239.34.10:53            ESTABLISHED
udp        0      0 203.45.252.173:45464        216.239.32.10:53            ESTABLISHED
udp        0      0 203.45.252.173:58649        192.0.34.43:53              ESTABLISHED
udp        0      0 203.45.252.173:21657        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:36121        64.233.167.9:53             ESTABLISHED
udp        0      0 203.45.252.173:53401        64.233.161.9:53             ESTABLISHED
udp        0      0 203.45.252.173:53658        147.28.0.39:53              ESTABLISHED
udp        0      0 203.45.252.173:38682        213.199.161.77:53           ESTABLISHED
udp        0      0 203.45.252.173:13852        207.46.66.126:53            ESTABLISHED
udp        0      0 203.45.252.173:8991         209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:1440         193.0.0.236:53              ESTABLISHED
udp        0      0 203.45.252.173:15904        209.85.137.9:53             ESTABLISHED
udp        0      0 127.0.0.2:31393             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:52641        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:23587        66.249.93.9:53              ESTABLISHED
udp        0      0 203.45.252.173:57379        216.239.32.10:53            ESTABLISHED
udp        0      0 203.45.252.173:20900        193.0.0.236:53              ESTABLISHED
udp        0      0 127.0.0.2:24868             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:65444        213.199.161.77:53           ESTABLISHED
udp        0      0 203.45.252.173:51620        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:55077        207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:31909        207.46.66.126:53            ESTABLISHED
udp        0      0 203.45.252.173:60454        64.233.161.9:53             ESTABLISHED
udp        0      0 203.45.252.173:60838        213.199.161.77:53           ESTABLISHED
udp        0      0 203.45.252.173:49575        66.249.93.9:53              ESTABLISHED
udp        0      0 203.45.252.173:2087         216.239.32.10:53            ESTABLISHED
udp        0      0 203.45.252.173:48680        207.46.66.126:53            ESTABLISHED
udp        0      0 203.45.252.173:53288        216.239.32.10:53            ESTABLISHED
udp        0      0 203.45.252.173:15401        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:18858        139.91.1.10:53              ESTABLISHED
udp        0      0 203.45.252.173:3242         209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:30762        216.239.36.10:53            ESTABLISHED
udp        0      0 203.45.252.173:8107         64.233.161.9:53             ESTABLISHED
udp        0      0 203.45.252.173:8236         147.28.0.39:53              ESTABLISHED
udp        0      0 203.45.252.173:39213        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:41645        139.91.1.10:53              ESTABLISHED
udp        0      0 203.45.252.173:44846        65.54.240.126:53            ESTABLISHED
udp        0      0 203.45.252.173:51374        65.54.240.126:53            ESTABLISHED
udp        0      0 203.45.252.173:3118         209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:62382        65.54.240.126:53            ESTABLISHED
udp        0      0 203.45.252.173:9264         216.239.32.10:53            ESTABLISHED
udp        0      0 127.0.0.2:57136             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:8241         192.0.34.43:53              ESTABLISHED
udp        0      0 203.45.252.173:58673        193.0.0.236:53              ESTABLISHED
udp        0      0 203.45.252.173:8881         207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:59058        207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:5170         64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:38835        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:37940        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:2869         207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:47157        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:43190        65.54.240.126:53            ESTABLISHED
udp        0      0 203.45.252.173:21944        66.249.93.9:53              ESTABLISHED
udp        0      0 203.45.252.173:56760        216.239.34.10:53            ESTABLISHED
udp        0      0 203.45.252.173:36665        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:32953        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:8634         139.91.1.10:53              ESTABLISHED
udp        0      0 203.45.252.173:55355        213.199.161.77:53           ESTABLISHED
udp        0      0 203.45.252.173:4796         207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:25277        64.233.161.9:53             ESTABLISHED
udp        0      0 203.45.252.173:21310        216.239.38.10:53            ESTABLISHED
udp        0      0 127.0.0.2:33982             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:15422        216.239.36.10:53            ESTABLISHED
udp        0      0 203.45.252.173:22847        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:49471        207.46.66.126:53            ESTABLISHED
udp        0      0 203.45.252.173:15551        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:1472         139.91.1.10:53              ESTABLISHED
udp        0      0 203.45.252.173:63425        64.233.167.9:53             ESTABLISHED
udp        0      0 203.45.252.173:56001        216.239.32.10:53            ESTABLISHED
udp        0      0 203.45.252.173:25027        216.239.34.10:53            ESTABLISHED
udp        0      0 203.45.252.173:55491        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:38851        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:3396         207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:49604        65.55.238.126:53            ESTABLISHED
udp        0      0 203.45.252.173:57028        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:47941        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:24774        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:46919        139.91.1.10:53              ESTABLISHED
udp        0      0 203.45.252.173:26311        207.46.66.126:53            ESTABLISHED
udp        0      0 203.45.252.173:22216        64.233.167.9:53             ESTABLISHED
udp        0      0 203.45.252.173:37448        202.12.29.59:53             ESTABLISHED
udp        0      0 203.45.252.173:36552        64.233.167.9:53             ESTABLISHED
udp        0      0 203.45.252.173:58186        65.55.238.126:53            ESTABLISHED
udp        0      0 203.45.252.173:26699        65.55.238.126:53            ESTABLISHED
udp        0      0 203.45.252.173:45259        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:1484         64.233.167.9:53             ESTABLISHED
udp        0      0 203.45.252.173:57036        216.239.32.10:53            ESTABLISHED
udp        0      0 203.45.252.173:37581        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:32334        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:46414        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:58062        66.249.93.9:53              ESTABLISHED
udp        0      0 203.45.252.173:38224        65.54.240.126:53            ESTABLISHED
udp        0      0 203.45.252.173:26577        66.249.93.9:53              ESTABLISHED
udp        0      0 203.45.252.173:33874        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:24147        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:37972        216.239.34.10:53            ESTABLISHED
udp        0      0 203.45.252.173:10581        209.85.137.9:53             ESTABLISHED
udp        0      0 127.0.0.2:52949             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:7639         209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:36823        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:38487        209.85.137.9:53             ESTABLISHED
udp        0      0 127.0.0.2:3031              127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:37465        139.91.1.10:53              ESTABLISHED
udp        0      0 203.45.252.173:39001        216.239.38.10:53            ESTABLISHED
udp        0      0 203.45.252.173:11354        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:53978        207.68.160.190:53           ESTABLISHED
udp        0      0 127.0.0.2:13530             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:39131        216.239.38.10:53            ESTABLISHED
udp        0      0 203.45.252.173:55003        207.46.66.126:53            ESTABLISHED
udp        0      0 203.45.252.173:43227        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:48861        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:56541        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:47069        216.239.38.10:53            ESTABLISHED
udp        0      0 127.0.0.2:57693             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:61278        64.233.161.9:53             ESTABLISHED
udp        0      0 203.45.252.173:16991        207.68.160.190:53           ESTABLISHED
udp        0      0 127.0.0.2:62047             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:46943        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:49631        64.233.161.9:53             ESTABLISHED
udp        0      0 127.0.0.2:50911             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:64096        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:9313         192.0.34.126:53             ESTABLISHED
udp        0      0 127.0.0.2:61026             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:19298        216.239.36.10:53            ESTABLISHED
udp        0      0 203.45.252.173:55268        216.239.32.10:53            ESTABLISHED
udp        0      0 127.0.0.2:42980             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:60389        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:18661        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:14822        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:48487        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:50535        216.239.34.10:53            ESTABLISHED
udp        0      0 203.45.252.173:11367        216.239.36.10:53            ESTABLISHED
udp        0      0 203.45.252.173:59368        64.233.167.9:53             ESTABLISHED
udp        0      0 203.45.252.173:17896        65.54.240.126:53            ESTABLISHED
udp        0      0 203.45.252.173:34280        216.239.36.10:53            ESTABLISHED
udp        0      0 127.0.0.2:3306              127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:42986        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:37611        66.249.93.9:53              ESTABLISHED
udp        0      0 203.45.252.173:55147        216.239.34.10:53            ESTABLISHED
udp        0      0 203.45.252.173:21355        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:10475        207.46.66.126:53            ESTABLISHED
udp        0      0 203.45.252.173:60139        207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:56172        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:31469        147.28.0.39:53              ESTABLISHED
udp        0      0 203.45.252.173:35309        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:9582         213.199.161.77:53           ESTABLISHED
udp        0      0 203.45.252.173:44910        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:13038        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:25199        72.14.235.9:53              ESTABLISHED
udp        0      0 203.45.252.173:42352        65.54.240.126:53            ESTABLISHED
udp        0      0 203.45.252.173:25714        192.0.34.43:53              ESTABLISHED
udp        0      0 203.45.252.173:1138         64.233.161.9:53             ESTABLISHED
udp        0      0 203.45.252.173:47218        207.46.66.126:53            ESTABLISHED
udp        0      0 127.0.0.2:57074             127.0.0.2:53                ESTABLISHED
udp        0      0 127.0.0.2:41458             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:43507        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:53748        66.249.93.9:53              ESTABLISHED
udp        0      0 203.45.252.173:4469         213.199.161.77:53           ESTABLISHED
udp        0      0 127.0.0.2:50037             127.0.0.2:53                ESTABLISHED
udp        0      0 203.45.252.173:38389        64.233.161.9:53             ESTABLISHED
udp        0      0 203.45.252.173:10102        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:3574         207.46.66.126:53            ESTABLISHED
udp        0      0 203.45.252.173:9718         64.233.167.9:53             ESTABLISHED
udp        0      0 203.45.252.173:50552        207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:23673        66.249.93.9:53              ESTABLISHED
udp        0      0 203.45.252.173:62201        207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:20732        209.85.137.9:53             ESTABLISHED
udp        0      0 203.45.252.173:35580        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:45564        216.239.38.10:53            ESTABLISHED
udp        0      0 203.45.252.173:41981        65.54.240.126:53            ESTABLISHED
udp        0      0 203.45.252.173:1662         207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:25470        65.55.238.126:53            ESTABLISHED
udp        0      0 203.45.252.173:59646        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:54782        64.233.167.9:53             ESTABLISHED
udp        0      0 203.45.252.173:16255        64.233.179.9:53             ESTABLISHED
udp        0      0 127.0.0.2:60799             127.0.0.2:53        

RHSBL has been turned off.  
The RAM test was the Windows one and does 6 tests which it cycled through about 4 times before I got tired of it.  

The thing that beats me is that it is so erratic.  BTW I loaded all the SW uploads available.  No difference.  

I use Telstra who make use of their heartbeat to check if you are still active on the cable modem and I noticed in the message log:
Jun 11 20:28:45 coastbiz bpalogin[4264]: Timed out waiting for heartbeat - logging on
Jun 11 20:28:48 coastbiz bpalogin[4264]: Logged on as coastbiz - successful at Mon Jun 11 20:28:48 2007

This occurs every seven minutes but when the connection fails then there is no
Jun 11 20:28:48 coastbiz bpalogin[4264]: Logged on as coastbiz - successful at blah blah

But the interesting thing is that I do not lose my IP address.  If I disconnect the server from the cable modem and re-attach after ten minutes I get a new IP address.  Even though I seem to lose connectivity on mail and Internet I still retain the IP address.  

What next?  Much appreciated
Jan

Offline mmccarn

Internet / Mail Stops working
« Reply #11 on: June 11, 2007, 01:25:58 PM »
That is a lot of open DNS requests...

Are you located in New Zealand, or could this entry be relevant? http://forums.contribs.org/index.php?topic=34420.0  

In this post (in the third paragraph) JonB mentions specific problems caused by his ADSL router being overloaded...

Offline JonB

Internet / Mail Stops working
« Reply #12 on: June 11, 2007, 02:51:43 PM »
Most of those DNS queries are to Google with some to Microsoft. I would check that you do not have a trojan on any of your PCs that may be causing a DDoS attack against Google or Microsoft.

It may also just be Windows Updates talking to Microsoft and Google Desktop phoning home but it is a lot of open DNS queries.

I don't know if the SurfBoard has NAT or PAT but if it does then you may find that making that many queries may tie up resources (cpu, memory) on the modem effectively killing the modem.

Jon
...
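
Added example, not part of the thread: one way to turn a long `netstat -an` listing like the one posted above into a per-destination count of open DNS flows, so the busiest remote resolvers stand out. The function names are made up for this sketch; the sample lines are copied from the posted output, plus one constructed TCP line to show the filter.

```shell
#!/bin/sh
# Tally ESTABLISHED UDP flows to remote port 53, grouped by remote address.
# Reads `netstat -an` style lines on stdin (Proto Recv-Q Send-Q Local Foreign State)
# and prints "count remote_ip", busiest destination first.
dns_flow_tally() {
    awk '
        $1 == "udp" && $6 == "ESTABLISHED" && $5 ~ /:53$/ {
            remote = $5
            sub(/:53$/, "", remote)
            if (remote ~ /^127\./) next    # ignore the local resolver talking to itself
            count[remote]++
        }
        END { for (r in count) print count[r], r }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Total number of external DNS flows in the listing.
dns_flow_total() {
    dns_flow_tally | awk '{ n += $1 } END { print n + 0 }'
}

# Sample input: UDP lines taken from the output posted in this thread;
# the tcp line is constructed for the example (192.0.2.10 is a documentation address).
sample_netstat() {
    cat <<'EOF'
udp        0      0 203.45.252.173:25027        216.239.34.10:53            ESTABLISHED
udp        0      0 203.45.252.173:55491        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:38851        64.233.179.9:53             ESTABLISHED
udp        0      0 203.45.252.173:3396         207.68.160.190:53           ESTABLISHED
udp        0      0 203.45.252.173:49604        65.55.238.126:53            ESTABLISHED
udp        0      0 203.45.252.173:57028        209.85.139.9:53             ESTABLISHED
udp        0      0 203.45.252.173:47941        209.85.137.9:53             ESTABLISHED
udp        0      0 127.0.0.2:52949             127.0.0.2:53                ESTABLISHED
tcp        0      0 203.45.252.173:25           192.0.2.10:4021             ESTABLISHED
EOF
}

# Stand-alone run: summarise the embedded sample.
sample_netstat | dns_flow_tally
```

On a live server the same summary comes from `netstat -an | dns_flow_tally`; comparing the total taken a few minutes apart shows whether the number of open flows is growing.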

Offline mike_mattos

Internet / Mail Stops working
« Reply #13 on: June 11, 2007, 05:26:57 PM »
Thanks, mmccarn

The advanced panel has the specific words DIALUP NETWORKING, no intelligent person would confuse DialUp Networking with VPN would they? Oh, just remembered, this is Microsoft, isn't it!  The 'If it ain't broke, change it!' company!
...

janst

Internet / Mail Stops working
« Reply #14 on: June 18, 2007, 12:57:16 PM »
Thanks to all that assisted, especially mmccarn and JonB.  
It does seem to have been a Trojan on a PC.  Once I removed it, all was back to normal again and running smoothly.  It's been a week now with no incidents.
Again much appreciated.  I must admit it was  :oops: that I hadn't thought of this myself.