Windows XP SP3 Causing Router Crashes

Posted by timothy on Sat Jun 07, 2008 01:14 PM
from the insecurity-through-non-obscurity dept.
KrispyBytes writes "Windows XP SP3 has been named as the culprit causing home routers to go into a crash and reboot cycle. One router maker has released firmware updates to fix the problem, but has not yet revealed what is actually different about XP SP3's networking stack or UPnP behaviour that causes the problem. Router maker Billion Managing Director Raaj Menon said "as Microsoft plans to make Windows XP SP3 an automatic upgrade this month, the number of affected routers may increase significantly.""
  • by noidentity (188756) on Saturday June 07 2008, @01:18PM (#23694643)

    Windows XP SP3 has been named as the culprit causing home routers to go into a crash and reboot cycle.

    Not surprising Windows causes that when installed on a router, considering it also makes PCs go into a crash and reboot cycle when installed on them.

    • Re:Not surprising (Score:5, Insightful)

      by Anonymous Coward on Saturday June 07 2008, @01:28PM (#23694735)
      Let's not jump to blame this on Windows. It could be that Windows isn't doing anything wrong, just something the router should be able to handle, but can't. We can point fingers when we know what the actual issue causing the router problems is.
      • Re:Not surprising (Score:4, Informative)

        by negRo_slim (636783) on Saturday June 07 2008, @02:23PM (#23695121) Homepage

        Let's not jump to blame this on Windows. It could be that Windows isn't doing anything wrong, just something the router should be able to handle, but can't. We can point fingers when we know what the actual issue causing the router problems is.
        Ya know I agree, as I've had SP3 installed in one form or another for some time now. With nary a problem... Can't even remember the last time I had to cycle my Linksys befsx41. Besides I fail to see why a router should ever be affected to such a degree by a computer on its network. Really does sound like flawed workmanship.
        • Re:Not surprising (Score:5, Interesting)

          by thetoadwarrior (1268702) on Saturday June 07 2008, @04:18PM (#23696051) Homepage
          While my router is working fine, my Windows laptop's shares fail to show up on my other machines and this happened straight after installing SP3 and all my settings imply nothing has changed. I just need to get another Windows machine in here to see if it's only being ignored by Linux machines.

          Maybe it's a coincidence and maybe it's not. The only way to know for sure is if Microsoft honestly comments on it.
          • Re:Not surprising (Score:5, Informative)

            by hairyfeet (841228) <[bassbeast1968] [at] [gmail.com]> on Saturday June 07 2008, @05:49PM (#23696649)
            Weird. Not having a problem here, but here are a few suggestions. Are you using the "simple file sharing" in XP or standard? Because I have seen simple file sharing get boned after an update. You can usually fix by unsharing the folders, rebooting and then resharing. If you aren't using the simple file sharing or are having trouble still, check the folder permissions. I have also seen updates bone the file and folder permissions. I'd say a good 80% on machines I've had to deal with resource sharing problems it would be one of those two. The rest usually come down to routing and firewall issues. Can you ping the machine? See it on the network? If so I would lean sharing and folder permissions issues. You also might want to try typing secpol.msc into the start/run dialog and then going to security options and scrolling down to LAN Manager Authentication level and making sure it says "Send LM & NTLM responses" and not "NTLMv2 responses only". Anyway I hope this helps and as always my 02c, YMMV
          • Re:Not surprising (Score:5, Informative)

            by Paul Jakma (2677) <paul+slashdot@jakma.org> on Saturday June 07 2008, @06:04PM (#23696741) Homepage Journal
            The parent poster shouldn't be modded informative. Their post is a jumble of random network related terminology (several of which have 0 bearing on home routers) into information-less sentences. E.g. *BGP* or IOS on a home router? "Cache tables" (did the poster misremember hearing someone say "hash tables"?). The crowning glory though:

            "Spanning tree malformations can do it".

            The parent is either a wickedly funny troll, or an ignorant parrot. I just can't make up my mind..
          • Re:Not surprising (Score:5, Informative)

            by RobertM1968 (951074) on Saturday June 07 2008, @07:39PM (#23697275) Homepage Journal

            See though, here's the thing... who do you blame?

            In a way it is (caused by) SP3... (because) of something the router cannot handle.

            So, it raises a few better questions than the ones being raised here (the blame game):

            - (ROUTER'S FAULT) Why can't the router handle whatever type of traffic - and should it? At the very least, as a possible attack vector for routers, shouldn't it?

            - (NOT NECESSARILY SP3's FAULT, BUT STILL AN ISSUE) Why is SP3 generating such traffic? What type of traffic is it generating? Could this traffic be considered (or detected elsewhere as) a DOS attack of some sort? (We do know that enough SYN packets will crash various routers - even high end ones). What is SP3 actually attempting to do (regardless of HOW, the more important questions are WHAT and WHY).

            So, while the router may be at fault for the behavior due to the type of traffic, SP3 is at fault for generating traffic of a nature that is not needed (in any way I can think of) to utilize the Internet... and considering some of the new ad and update and spyware and DRM technologies that MS is trying to bring over to XP (see previous /. articles, various MS patents and more regarding their search plans, "Live" product plans and more)... is this traffic not just flawed, but totally unwanted and intrusive? Or is it simply a screw-up on MS's part that happened to indicate vulnerabilities in various routers?

            See the thing is, the reasons MS has such code creating such traffic may be important (or simply a screw-up)... but regardless of that, it showed vulnerabilities in various routers... but regardless of that, it also showed some sort of traffic that SP3 generates that may also be the cause of other routers (that aren't affected adversely by such traffic) detecting as an attack of some sort, causing all sorts of other issues (for instance, a subnet or port being shut down to block the traffic).

            Think how wonderful that would be if it was at a large company, medical institution, school, EMS station, etc... where all their machines were on a NAT network, and one of them that got upgraded to SP3 suddenly got their single shared IP blocked from the Internet.

            So, I think there may be plenty of blame to point at both MS and the router manufacturers...

            But the sad thing is, (and I am loath to say this on /. where I am expected to make judgements based off little or no facts), until enough facts come out (showing what type of traffic, why the traffic is being generated, and what unaffected routers do when they receive the traffic), the only blame so far is:
            - MS for doing something (traffic wise) that no other device or OS manufacturer seems to have ever done before.
            - The router manufacturers in question for having an implementation that is not robust enough to survive such traffic without crashing.

  • A computer on the network should not be able to crash the router. This is a problem with the manufacturing of the routers, not anything in particular with SP3. This problem could have arisen in any OS. The fact that it appeared with SP3 is irrelevant. I return you to your MS bashing.
    • maybe, maybe not (Score:5, Insightful)

      by frovingslosh (582462) on Saturday June 07 2008, @02:28PM (#23695167)
      I agree that no router should crash based just on packets it passes. But there are a few issues here. If SP3 is causing something akin to a DOS, and a router's tables are filling up due to bad packets, it might very reasonably decide that things are so bad that the best thing for it to do is a reset. We don't blame the router maker when an external DOS attack interrupts Internet access, why blame it if the DOS is from Microsoft software on the inside?

      And there is also the potential issue of this being UPNP related. UPNP is a completely bogus thing, but Microsoft strong armed the industry to support it and it's in most routers and many users don't know to disable it. UPNP could certainly give ways to cause this issue, and I only hold the router itself responsible to the extent that it supports this blasphemy.

      • by Jugalator (259273) on Saturday June 07 2008, @01:36PM (#23694829) Journal

        True but it takes two to tango
        Yes, it wouldn't have happened without the "help" of SP3 in this case. That being said, with the relevant information not released here, it's not certain SP3 is doing anything inherently wrong according to the networking standards. Testing SP3 on all hardware configs is additionally nothing one can expect Microsoft of doing.
      • by John Hasler (414242) on Saturday June 07 2008, @01:40PM (#23694853)
        > It is the manufacturers' fault that they're crashing, but this bug wouldn't be seen if XP was
        > behaving correctly.

        Nonsense. Any router that can be crashed by anything that a computer connected to it does has a critical bug and should be recalled immediately.
          • Re:Nah... (Score:5, Insightful)

            by cnettel (836611) on Saturday June 07 2008, @02:58PM (#23695453)
            If you can crash the router, you have a possible DDoS attack. If you can do it on the WAN port, it would certainly be a flaw in the device. Depending on the crashing behavior, it is also possible that this is actually an exploitable path that could be used to permanently reflash the router for malevolent purposes.
      • by jellomizer (103300) on Saturday June 07 2008, @01:44PM (#23694873)
        However... If they find out what causes the router to crash with SP3 then all it will take is someone to duplicate the information sent and crash the router again and again. If the router crashes it has to be the fault of the router not of the OS, as other routers don't crash. As well as a poorly designed website. If your web browser crashes from a badly made website then it is the web browser's fault. Your argument only really holds true in cases of custom designed software where the sender of the data will need to agree to send the data in the correct format as well the receiver agrees to get the data in the correct format. And still even in that case a good program will be able to at least say something is wrong, vs. it crashing.
      • by Sleepy (4551) on Saturday June 07 2008, @03:03PM (#23695493) Homepage
        > just like a website should never crash a browser it is relevant that the OS/website is abusing the specifications so badly to cause the crashes.

        All browsers MUST expect garbage input, and pretty much anyone who expects otherwise has their head in the sand, and shouldn't go NEAR code. Document formats don't run in local memory and do not have system access - they're interpreted structures. If a browser crashes, it's the browser's (or its plugins') fault, 100% of the blame 100% of the time. At worst, you should expect degraded-looking content and that's that.

        I don't mean to be snarky, but your argument couldn't be more wrong or inappropriate. With networking, you're pretty close to the physical layer (not a great analogy, but browser code is far removed from traffic and is just a local representation, a user application).

        We don't know yet what this is caused by. If it is affecting a lot of routers, it might very well be a "DOS". Or it could be something that holds too many connections open, or IP6 traffic that doesn't go anywhere and ties up the router table till it times out.

        This could happen to Linux also, but it's less probable -- it'd be code put out in the wild, and the distros would do their own QA process, and may hold back. Most distros don't run kernel.org kernels, but their own patched tree.

        • by Anonymous Coward on Saturday June 07 2008, @02:26PM (#23695145)
          Let's make this easier and flat out assume XP's UPnP implementation was intentionally designed to crash the largest number of routers on the planet in a clever bid to raise Vista sales.

          Even with this unlikely assumption in play it would still be 100% the fault of the router for crashing.
      • by Kjella (173770) on Saturday June 07 2008, @02:21PM (#23695113) Homepage
        Between having a security hole that allows denial-of-service attacks and sending some slightly mangled packets, I'd go about 98-2% to the router manufacturers on this one. That is assuming the packets are actually mangled, which isn't proven. I wouldn't care how broken a web page was, if Firefox crashes then it's Firefox's fault (or extensions/plugins, but that's a different issue). If you came and said "While it's true that the browser shouldn't crash in any circumstances, Apache would certainly deserve bashing if it's a result of them violating the specs and sending out mangled web pages." I think people would laugh. Assume the input data is crap, that applies equally everywhere and any software that can't handle that is poor software.
        • by postbigbang (761081) on Saturday June 07 2008, @03:11PM (#23695535)
          Everyone wants a bulletproof, but quickly reacting app. Sometimes you can't have both. You can build parsers that vet web pages for sanity sake (or just look for malware as some plugins do), but they'll slow down even the fastest clocking machines; the insertion loss of the parser will be like putting a foot on the garden hose.

          Routers and layer 2/3 bridges have to react at wire speed, and therefore have lean, racing engine code with only the barest of exception handlers. Inside the code are lots of routines that have to react to protocol changes related to table building. Screw up those tables even legally (according to the obscurities of even well-known protocols) and the routing/bridging device will behave badly, even to the point of apparently not working. It's happened before, and will happen again. Is it XP3? No one knows yet.

          The next update of will likely fix the problem; likely it would arrive before a Microsoft fix, and it would be more effective to fix the crashing device than go after all possible XP SP3 users. Sadly, once in the 'wild', it's the router vendor's problem rather than Microsoft's, no matter who is to blame for the original mistake.
  • by Jeffrey Baker (6191) on Saturday June 07 2008, @01:20PM (#23694661)
    Shouldn't the title of this post be "Shitty router programming causing router crashes"? It should matter what type of garbage comes off the wire, the router must be able to handle it all without error.
  • by ccguy (1116865) on Saturday June 07 2008, @01:22PM (#23694669) Homepage
    If an upgrade to a router caused Windows to enter a reboot cycle would we be blaming the router manufacturer or Microsoft?
  • So... (Score:5, Funny)

    by laurent420 (711504) on Saturday June 07 2008, @01:24PM (#23694691)
    Windows is a DOS?
  • by ROMRIX (912502) on Saturday June 07 2008, @01:27PM (#23694725) Homepage
    I've been wondering what the hell has been going on with my conne
  • It only affects the "Billion BiPAC 5200" series.

    I've never used one, never seen one, never heard of one, and you haven't either. Odd how the summary fails to mention that the problem is only with this obscure model...
  • Same as Vista (Score:5, Informative)

    by Enderandrew (866215) <enderandrewNO@SPAMgmail.com> on Saturday June 07 2008, @01:32PM (#23694775) Homepage Journal
    SP3 borrows a Vista feature (presumably the same code) to detect "Router Black Holes".

    From http://www.winsupersite.com/faq/xp_sp3.asp [winsupersite.com]

    "Black hole" router detection algorithm. XP gains the ability to ignore network routers that incorrectly drop certain kinds of network packets. This, too, is a feature of Windows Vista.
  • Buggy Routers (Score:5, Insightful)

    by John Hasler (414242) on Saturday June 07 2008, @01:35PM (#23694811)
    Any router that can be crashed by anything that any of the computers connected to it do is seriously buggy. This is not Microsoft's fault.
  • by Clockwurk (577966) * on Saturday June 07 2008, @01:36PM (#23694831) Homepage
    I don't have this problem.
  • Router Trouble. (Score:5, Interesting)

    by fuzzyfuzzyfungus (1223518) on Saturday June 07 2008, @01:54PM (#23694943) Journal
    As some have said, if a machine on the network can crash the router (short of violating physical specs for things like ethernet voltage and polarity), then the router has Issues.

    What I don't understand is why so many of your basic 4 ports lan, one port wan, and an antenna type routers have such lousy firmware. I understand that the hardware is built right down to price, and isn't going to be exciting; but software is a different matter. There are really only a few chipset variations in general use, OpenWRT supports most of them and provides a solid and extensible foundation. DD-WRT is less extensible and flashier, still solid. Tomato is out there as well. In a world where people are literally giving high quality router firmware away, how can anybody ship a router with bad firmware?
  • Crappy router. (Score:5, Interesting)

    by fluffy99 (870997) on Saturday June 07 2008, @01:55PM (#23694949)
    Billion makes crappy knock-off routers, that were crashing or not working long before XP SP3 was released. Perhaps XPSP3 does do something different with uPNP, but that's not where the blame needs to be assigned. As an aside, uPNP is a crappy idea. Do you really want your OS and any programs (malware included) to have the ability to change your external firewall?
    • NAPT != Firewall (Score:5, Insightful)

      by Luke-Jr (574047) on Saturday June 07 2008, @02:43PM (#23695315) Homepage
      uPNP configures port forwarding for a NAPT (aka NAT) router. NAPT/NAT is *not* a firewall, and should not be treated like one. Its sole purpose is to translate addresses and ports (Network Address and Port Translating) between the internal and external networks. It is not meant to protect computers on either end from each other. uPNP facilitates the NAPT job by giving applications an easy way to automate the needed port forwarding for the WAN->LAN direction. If you want a firewall, get a real firewall.
  • by catscan2000 (211521) on Saturday June 07 2008, @02:00PM (#23694983)
    It sounds like the Billion router's firmware had a really bad bug that happened to be poked by Windows XP SP3. Unless if this was in a third party library or some external code that they were using, I wouldn't be surprised if this was limited to just Billion routers.

    XP SP3 didn't _cause_ the bug; it merely happened to recreate a condition that triggered a bug inside the router to crash itself. :-)
  • by LM741N (258038) on Saturday June 07 2008, @02:00PM (#23694987)
    and now women won't go out on dates with me anymore. ....ok, they wouldn't with Service Pack 1 or 2 either, so I'm now trying Vista.
  • by Anonymous Coward on Saturday June 07 2008, @02:01PM (#23694989)
    Quote from their website:

    "After detail analysis, we found that Windows XP SP3 sent out the DHCP packet with the Option 43 data (include Microsoft's 'Vendor Specific Information'), but Windows XP SP2 sent out the DHCP packet without the Option 43 data. However, the Option 43 data is not compatible with Billion's original definition, so it will cause this problem. The affected firmware versions of BiPAC 5200 series are 2.9.8.x and 2.11.0.x~2.11.33.x. There is no impact to BiPAC 5200 series if the firmware is 2.10.x.x. Please check Appendix A for checking your current firmware version."

    http://au.billion.com/downloads/Notice-Billion-5200-series-via-Windows-SP3.pdf [billion.com]
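As an added example (not from the thread and not Billion's firmware): a bounds-checked walk of a DHCP options area that keeps Option 43 opaque unless its payload validates against the device's own layout, so foreign vendor data is ignored instead of misparsed. The sub-option layout, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { OPT_PAD = 0, OPT_VENDOR_SPECIFIC = 43, OPT_END = 255 };
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1 };

struct dhcp_view {
    const uint8_t *vendor;  /* option 43 payload inside the caller's buffer, or NULL */
    size_t vendor_len;
    int vendor_understood;  /* 1 only when the payload fits our own layout */
};

/* Assumed private layout for this sketch: sub-option TLVs that exactly fill
 * the payload. Data defined by another vendor usually fails this check. */
static int vendor_layout_ok(const uint8_t *p, size_t n)
{
    size_t i = 0;
    while (i < n) {
        if (n - i < 2) return 0;                 /* no room for code + length */
        size_t len = p[i + 1];
        if (len > n - i - 2) return 0;           /* sub-option overruns payload */
        i += 2 + len;
    }
    return 1;
}

/* Walk the options area (the bytes that follow the DHCP magic cookie). */
int parse_dhcp_options(const uint8_t *buf, size_t n, struct dhcp_view *out)
{
    size_t i = 0;
    memset(out, 0, sizeof *out);
    while (i < n) {
        uint8_t code = buf[i++];
        if (code == OPT_PAD) continue;           /* single byte, no length */
        if (code == OPT_END) return PARSE_OK;
        if (i >= n) return PARSE_TRUNCATED;      /* length byte missing */
        size_t len = buf[i++];
        if (len > n - i) return PARSE_TRUNCATED; /* data runs past the packet */
        if (code == OPT_VENDOR_SPECIFIC) {
            out->vendor = buf + i;
            out->vendor_len = len;
            out->vendor_understood = vendor_layout_ok(buf + i, len);
        }
        i += len;                                /* unknown options are skipped */
    }
    return PARSE_OK;                             /* a missing END is tolerated */
}

/* Constructed sample option areas, not captured traffic. */
static const uint8_t own_vendor[]     = { 53, 1, 1, 43, 3, 0x01, 0x01, 0xAA, 255 };
static const uint8_t foreign_vendor[] = { 53, 1, 1, 43, 3, 0x01, 0x05, 0xAA, 255 };
static const uint8_t truncated[]      = { 53, 1, 1, 43, 10, 0x01 };

int main(void)
{
    struct dhcp_view v;
    int rc = parse_dhcp_options(own_vendor, sizeof own_vendor, &v);
    printf("own:       rc=%d understood=%d\n", rc, v.vendor_understood);
    rc = parse_dhcp_options(foreign_vendor, sizeof foreign_vendor, &v);
    printf("foreign:   rc=%d understood=%d len=%zu\n", rc, v.vendor_understood, v.vendor_len);
    rc = parse_dhcp_options(truncated, sizeof truncated, &v);
    printf("truncated: rc=%d\n", rc);
    return 0;
}
```

A caller that sees `vendor_understood == 0` serves the lease as if Option 43 were absent, and drops the packet on `PARSE_TRUNCATED`.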
  • Not MS to blame (Score:5, Insightful)

    by Opportunist (166417) on Saturday June 07 2008, @02:28PM (#23695171)
    As much as I hate defending the Redmond Computer Virus (tm), that's the router's fault.

    Now, if SP3 created nonstandard packets that most routers still swallow but a router drops because they don't work to spec, blame MS. If the router replied with a bogus message to said nonstandard packet that locked up XP, blame MS. But a router HAS TO be able to accept a bogus packet. It may drop it, report it or if it feels like it send it on a roundtrip in hope that some machine can figure out what it's about, but it may NEVER crash due to it.

    I hope I don't have to mention the security implications of this.
  • by confused one (671304) on Saturday June 07 2008, @03:18PM (#23695569)

    This only affects one model (BiPAC 5200) wireless broadband router, from one manufacturer (Billion), whose firmware has a bug. The model in question is found in Australia and Europe. A firmware update is available for download. End of story.

    • by oz_paulb (617486) on Saturday June 07 2008, @01:25PM (#23694705)
      I have to agree.

      I updated to SP3 yesterday, and now my microwave stopped working.

      Coincidence? I think not!
      • by Hankapobe (1290722) on Saturday June 07 2008, @01:53PM (#23694933)

        I have to agree. I updated to SP3 yesterday, and now my microwave stopped working. Coincidence? I think not!

        And I have heartburn....Hmmmm, I think you've discovered something here!

          • apples to oranges (Score:5, Insightful)

            by spazdor (902907) on Saturday June 07 2008, @02:48PM (#23695367)
            Did the hardware manufacturers all just write flawless Linux drivers and buggy Windows ones?

            Or did Linux developers just go a step further than Windows did, and take it upon themselves to make sure that hardware works properly on their OS?
    • Re:Other Glitches? (Score:4, Informative)

      by couchslug (175151) on Saturday June 07 2008, @01:27PM (#23694731)
      "Second, the USB ports on my HP Port Replicator xb2000 (I believe) no longer function."

      Boot a live Linux CD such as Knoppix and see if it works. It's a handy way to swap OS for testing.
    • Re:Oh brother... (Score:5, Insightful)

      by spazdor (902907) on Saturday June 07 2008, @02:26PM (#23695143)

      is a coincidence, or just completely made up


      Unlikely, given that the OP mentions that at least one manufacturer has fixed the problem with a firmware update. You can't really write software to fix a problem until you've figured out what the problem is.

      You're right though, a properly hardened router will keep ticking regardless of what's plugged into it. Mostly. [fiftythree.org]