
Just want to see if anyone has experienced this before.

 

I work in an office that has its network set up with a SonicWall routing to a 24-port (Trendnet I think). The network consists of:
13 computers for clerical work
2 all-in-one printers
2 servers (1 server being the main server where work is operated off of, and 2nd server is present as a backup)

Lately, I have been noticing that whenever one of the computers starts a Windows 10 update, it may end up failing. It may crash (with a "Your PC ran into a problem" message) and end up stuck on this screen or on the Windows Update screen.

After an elapsed amount of time, we notice the network failing too. The internet is not accessible. The local server is not accessible. The switch activity light, when viewed, appears to be more active than on any other port and always corresponds to the computer that crashed or is hanging in the Windows Update. When we disconnect the ethernet cable to the crashed computer, network access is restored and internet access is restored.

I have notified the business owner of this and that it's best to get an IT opinion and assessment of this and possibly budget to replace this machine. However, the business owner does not want to take this action.

This is really for my curiosity's sake now, to learn more about troubleshooting a network. I haven't really seen this before and I'm not sure what the proper terms to describe this issue are. I can only speculate that the crashed Windows machine is essentially DDoS'ing the network and overloading the switch? I'm not sure if I am using these terms correctly but hopefully someone can provide their opinion and expertise.

Link to comment
https://linustechtips.com/topic/875997-ddosswitch-overload/

Couple of questions:

  1. Is the switch gigabit or fast-ethernet (100 Mbps)?
  2. What are the system specs for the PCs and what OS?
  3. What are the internet speeds? Download and upload?
  4. What OS do the servers use?

 

 


Link to comment
https://linustechtips.com/topic/875997-ddosswitch-overload/#findComment-10848460

1. I believe it's a 10/100 Mbps switch.

2. PC specs are not consistent and vary, unfortunately. There's a set of PCs that are Windows 10 (upgraded from Windows 7), 6Gb DDR3 RAM, Intel i3 or i5 processor. Unfortunately I do not know which generation or which processor specifically. The office uses a mixture of Windows machines.

There are other PC workstations that are Windows 7 and I think there's one Windows 8 machine that is using...an Atom processor.

3. I am not involved in the aspect of managing the business' internet, but I do believe it's Shaw's Business, up to 150MBps downstream / up to 20MBps upstream.

4. The servers are Ubuntu servers running Ubuntu 14.04.

Link to comment
https://linustechtips.com/topic/875997-ddosswitch-overload/#findComment-10853878

Is there any way someone could have connected two ports together to create a loop?

Certain protections should have taken care of that but it's possible someone disabled them for some reason, or they are off by default. Check spanning tree and loop guard.


Link to comment
https://linustechtips.com/topic/875997-ddosswitch-overload/#findComment-10854564

For so many PCs and stuff in an office it's just insane to not upgrade this switch. With a managed switch you can set up so much safety... and block PCs' access to other PCs if not needed and so on.

The whole office will profit from this. Tell your boss that time is money, then they usually try to listen.

Link to comment
https://linustechtips.com/topic/875997-ddosswitch-overload/#findComment-10858230

  • 2 weeks later...

I just experienced this bizarre bad Windows update spam attack. It completely brought the network to its knees. DDoS'ed the whole network. It was incredible, I have never seen something like this on a switch. A 24 port Linksys Gigabit switch. The computer had a black screen on it and when I rebooted it, it went through a constant reboot cycle. Anyway, a strange event. I think the cause of the spam could be the P2P updates as well.

Link to comment
https://linustechtips.com/topic/875997-ddosswitch-overload/#findComment-10892742
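One way to tell apart the two explanations raised in this thread, a single machine flooding the switch versus a cabling loop, is to rank source MAC addresses in a capture taken on one of the Ubuntu servers. This is an added example and not part of any post above; it parses `tcpdump -e -n` text output, and the sample capture, the MAC addresses and the 80% threshold are constructed assumptions.

```python
import re
from collections import Counter

# Link-layer header as printed by `tcpdump -e -n`: "<time> <src> > <dst>, ethertype ..."
MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
FRAME = re.compile(r"^\S+ " + MAC + r" > " + MAC + r",")

def is_group_address(mac):
    """Broadcast/multicast destinations have the low bit of the first octet set;
    an unmanaged switch forwards these frames out of every port."""
    return int(mac[:2], 16) & 1 == 1

def summarize(lines, dominance=0.8):
    """Rank source MACs in a capture. `dominance` is an assumed threshold."""
    per_src, group_frames, total = Counter(), 0, 0
    for line in lines:
        m = FRAME.match(line.strip().lower())
        if not m:
            continue  # skip continuation lines and anything without a MAC header
        src, dst = m.groups()
        total += 1
        per_src[src] += 1
        group_frames += is_group_address(dst)
    if total == 0:
        return {"total": 0, "top_src": None, "top_share": 0.0,
                "group_share": 0.0, "verdict": "no frames parsed"}
    top_src, top_count = per_src.most_common(1)[0]
    top_share = top_count / total
    # One MAC sending most frames points at a single misbehaving NIC or host.
    # A flood spread over many MACs fits frames circulating in a loop.
    verdict = "single-source" if top_share >= dominance else "multi-source"
    return {"total": total, "top_src": top_src, "top_share": top_share,
            "group_share": group_frames / total, "verdict": verdict}

# Constructed sample: 45 broadcast ARP frames from one host, 5 ordinary unicast frames.
SAMPLE = [
    f"12:00:00.{i:06d} 02:00:00:00:00:17 > ff:ff:ff:ff:ff:ff, "
    "ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.23, length 46"
    for i in range(45)
] + [
    f"12:00:01.{i:06d} 02:00:00:00:00:0{i} > 02:00:00:00:00:fe, "
    "ethertype IPv4 (0x0800), length 66: 192.168.1.30.5000 > 192.168.1.2.445: tcp 0"
    for i in range(1, 6)
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On a live network the input would be the text output of `tcpdump -e -n -i <interface>` collected on the server while the problem is occurring.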