The Mother Board
tcpip.sys d1 error...
bdub
Black Belt 3rd Degree
Joined: 19 Feb 2003
Posts: 3450
Location: Washington D.C.

Posted: Mon Jul 02, 2012 3:09 pm    Post subject: tcpip.sys d1 error...

so i have a wireless router/modem that verizon gave me when i moved up to fios... never used the wireless part, always kept the radio off. people living in another apt in my building asked if they could feed off my wireless, because they lost their cable modem connection in the last storm that blew thru here. i told them sure, i turned on the radio portion of the router, set up wep, and they got into it fine. now i get BSOD's that mention tcpip.sys quite often on my win7 install on the computer in my sig.
if i start up my xp install, no bsod's, everything works fine.
what gets me is why i have any problems at all... my computer is hooked up wired! why should just turning on the radio in my router cause these issues? anybody see this before?

i should also mention that i changed the wep encryption to wpa2, which i'm guessing is more secure, but i still get the same bsod's. and they usually can happen pretty quick, sometimes even after i've rebooted my machine and not even logged into my profile.
_________________
my main rig...
asrock 970 extreme3
AMD athlonII X3 440
zalman cpns5x performa hs/fan
crucial ballistix 2x4gb sport ddr3-1333
powercolor ax7750 1GBK3-H vga
antec neo he 650r
seagate 500GB 32M cache
toshiba 2TB HDD 64M cache sata3
seagate 1TB HDD 64M cache sata3
hitachi 2TB HDD 64M cache sata3
lg wh14ns40 bd burner
optiarc ad-7240s sata dvdrw (nec chipset)

evasive
Mobo-fu Master
Joined: 06 May 2001
Posts: 36705
Location: Netherlands, Breda

Posted: Mon Jul 02, 2012 11:37 pm

does it bsod with the network cable out?
what does bluescreenview tell you?
http://www.nirsoft.net/utils/blue_screen_view.html
_________________
We hate rut, but we fear change.



System error, strike any user to continue...

bdub

Posted: Tue Jul 03, 2012 4:36 am

it didn't happen with xp running on the same machine. i doubt it would happen with the network cable out. when more than one wireless device is active is when it happens, as right now i can see no one is active besides my wired computer. no one else is online right now.
i did lock down the router to only dish out dhcp to 5 devices, which are all taken by entries (right now it's this machine, my bdplayer, and three wireless devices from upstairs), so maybe it has something to do with someone else trying to get in and since this machine is first in line in the range, the router is trying to take my address away? maybe not because whenever i reboot after a bsod, i could get my old address back.
i guess i should make more room, and see if that solves it.

i like that bsod viewer. i've used nirsoft's videocacheview in the past. unfortunately i used ccleaner on my machine last night, and it cleared the dumpfiles that were generated...
but all it said was pretty much exactly what was listed in the example bsod on that nirsoft page.

if it happens again, i'll get that dumpfile.

evasive

Posted: Tue Jul 03, 2012 5:20 am

my feeling is more like some sort of vulnerability being hit by one of their infected machines being on the same LAN so not protected from the NAT in the router that normally would close the port. Are you 100% sure your firewall is running and functional?

bdub

Posted: Tue Jul 03, 2012 8:25 am

yeah, i was afraid of that (other infected computers).
on my general setting for the router firewall, i am right now using the middle setting by default....

Typical Security (Medium)
Inbound Policy: Reject.
Remote Administration settings will override the security inbound policy.
Outbound Policy: Accept.

there is a checkbox that says "block IP fragments" that is unchecked.

i also notice in my advanced settings under remote configuration that this is checked...
Diagnostic Tools
-Allow Incoming WAN ICMP Echo Requests (e.g. pings and ICMP traceroute queries)
i've now unchecked this.



there's a bunch of other tabs to look at, can you give a clue what else to look for?

i did notice this morning someone logged on with a static ip that was in the range of dhcp. i asked the neighbors about that, and they don't know what i'm talking about.

my computer bsod'd again while i was talking to them, and i am getting the minidump now.
will post soon.


Last edited by bdub on Tue Jul 03, 2012 9:32 am; edited 4 times in total

bdub

Posted: Tue Jul 03, 2012 8:31 am

here's my firewall's security log generated by the router. i think this is since the last time i cleared the log, so not a lot in it...
i'm wondering what those (0.0.0.0) entries are!
the xxxxx's are my main machine. the (192.168.1.x) is my main computer address.
the yyyyy is from a machine usually on the network, but hadn't been logged in for days and is turned off.

Jul 3 12:17:51 2012 Firewall Info User authentication success Username: xxxxx

Jul 3 12:12:28 2012 Firewall Setup Configuration change WBM user xxxxx (192.168.1.x) has changed security settings[repeated 2 times, last time on Jul 3 12:12:33 2012]

Jul 3 12:12:04 2012 Firewall Info User authentication success Username: xxxxx

Jul 3 10:51:37 2012 Firewall Setup Configuration change WBM user Unknown (0.0.0.0) has changed security settings[repeated 2 times, last time on Jul 3 11:28:27 2012]

Jul 3 09:45:05 2012 Firewall Info User authentication success Username: xxxxx[repeated 2 times, last time on Jul 3 10:49:05 2012]

Jul 3 09:30:50 2012 Firewall Setup Configuration change WBM user Unknown (0.0.0.0) has changed security settings[repeated 2 times, last time on Jul 3 09:35:51 2012]

Dec 14 19:00:01 2007 Unknown Unknown Error resolving hostname: "yyyyyy"

Dec 14 19:00:01 2007 Firewall Setup Firewall status changed enabled

Dec 14 19:00:01 2007 System Log Message The system is UP!


Last edited by bdub on Tue Jul 03, 2012 9:29 am; edited 2 times in total

bdub

Posted: Tue Jul 03, 2012 8:52 am

crash list ...

Dump File ---- 070312-28250-01.dmp
Crash Time ---- 7/3/2012 12:14:39 PM
Bug Check String - DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code - 0x000000d1
Parameter 1 ---- 00000000`0000001c
Parameter 2 ---- 00000000`00000002
Parameter 3 ---- 00000000`00000001
Parameter 4 ---- fffff880`01a605ae
Caused By Driver --- tcpip.sys
Caused By Address -tcpip.sys+605ae
File Description
Product Name
Company
File Version
Processor x64
Crash Address -- ntoskrnl.exe+7f1c0
Stack Address 1
Stack Address 2
Stack Address 3
Computer Name
Full Path ---- C:\Windows\Minidump\070312-28250-01.dmp
Processors Count - 2
Major Version ------ 15
Minor Version ------ 7601
Dump File Size ---- 274,256

bdub

Posted: Tue Jul 03, 2012 11:13 am

just had another bsod, same values... it seemed to happen soon after the neighbor's computer with a mac address starting with c8 logged in. all other mac addresses start with 00. could addresses with c8 belong to an apple computer?
it's not the ip address that is static though.

firewall log shows this, which happens concurrently with c8: logon...
Jul 3 14:48:19 2012 Firewall Setup Configuration change WBM user Unknown (0.0.0.0) has changed security settings

bsod occurred at 14:56...
here's the router's system log from around that time...

Jul 3 15:07:04 2012 System Log Message estream: Cannot read from fd 26 Connection reset by peer(131)
[repeated 3 times, last time on Jul 3 15:16:03 2012]

Jul 3 14:58:55 2012 System Log Message Unable to change DSCP of icmp socket to value 0 for ping Socket operation on non-socket

Jul 3 14:57:57 2012 System Log Message estream: Cannot read from fd 26 Connection reset by peer(131)

Jul 3 14:48:18 2012 System Log Message Cannot find cache entry for mac 00:21:e9:dd:eb:0e ret=-1
[repeated 2 times, last time on Jul 3 14:48:18 2012]

Jul 3 14:48:10 2012 System Log Message hostapd: ath0: STA c8:bc:c8:cb:32:04 WPA: pairwise key handshake completed (RSN)

Jul 3 14:48:10 2012 System Log Message 11: associated

also noticed that in my firewall under port triggering there was this...

Protocol
-L2TP Triggering - Layer Two Tunneling Protocol
Outgoing Trigger Ports
-UDP Any -> 1701 UDP
Incoming Ports to Open
-Any -> Same as Initiating Ports

and
Protocol
-TFTP Triggering - Trivial File Transfer Protocol
Outgoing Trigger Ports
-UDP 1024-65535 -> 69 UDP
Incoming Ports to Open
-Any -> Same as Initiating Ports

i never set these triggers, and i always assumed they were there by default. but now i've unchecked them.

evasive

Posted: Tue Jul 03, 2012 10:56 pm

there's 8 minutes between the logon (14:48) of the c8 machine and your crash (14:56) which is neatly picked up by your router (connection reset by peer at 14:57).

Now you have the dumpfile you should be able to run a debugger over it. If you don't have that one ready, send the zipped .dmp files to my email address under the button, I'll see if i can track back what caused tcpip.sys to fall over. More than likely it is a network-related program such as the network module of anti-virus software/toolkit/firewall/monitoring/config that is a bit buggy and reacting allergic to something from the other machines...
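
The timeline correlation described in the post above, as an added example that is not part of the original thread: it parses router log lines quoted in the thread, finds each Wi-Fi station join, and reports configuration changes logged within 60 seconds after it plus the lead time to the reported crash. The 60-second window and reading the poster's 14:56 crash time on the router's clock are assumptions.

```python
import re
from datetime import datetime

# Router log lines copied from the thread (the router lists newest first).
LOG = """\
Jul 3 14:57:57 2012 System Log Message estream: Cannot read from fd 26 Connection reset by peer(131)
Jul 3 14:48:19 2012 Firewall Setup Configuration change WBM user Unknown (0.0.0.0) has changed security settings
Jul 3 14:48:10 2012 System Log Message hostapd: ath0: STA c8:bc:c8:cb:32:04 WPA: pairwise key handshake completed (RSN)
Jul 3 12:12:28 2012 Firewall Setup Configuration change WBM user xxxxx (192.168.1.x) has changed security settings[repeated 2 times, last time on Jul 3 12:12:33 2012]
"""
# The poster reported the BSOD at 14:56; assumed to be on the same clock as the router.
CRASH = datetime(2012, 7, 3, 14, 56)

LINE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) (.*)$")
STA = re.compile(r"STA ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) WPA: pairwise key handshake completed")
CFG = re.compile(r"Configuration change WBM user (\S+) \(([^)]*)\)")

def parse(text):
    """Return (timestamp, kind, detail) tuples in chronological order."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skips continuation lines such as "[repeated 3 times, ...]"
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
        body = m.group(2)
        if (s := STA.search(body)):
            events.append((ts, "join", s.group(1)))      # detail: station MAC
        elif (c := CFG.search(body)):
            events.append((ts, "config", c.groups()))    # detail: (user, source IP)
        else:
            events.append((ts, "other", body))
    return sorted(events, key=lambda e: e[0])

def correlate(events, crash, window_s=60):
    """Per Wi-Fi join: config changes within window_s after it, and seconds until the crash."""
    report = []
    for ts, kind, mac in events:
        if kind != "join":
            continue
        nearby = [(t, who) for t, k, who in events
                  if k == "config" and 0 <= (t - ts).total_seconds() <= window_s]
        report.append({"mac": mac, "joined": ts, "config_changes": nearby,
                       "seconds_to_crash": int((crash - ts).total_seconds())})
    return report

if __name__ == "__main__":
    print(correlate(parse(LOG), CRASH))
```

Only the change attributed to `Unknown (0.0.0.0)` falls inside the window after the c8 station's handshake; the earlier change by the logged-in admin user does not.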

bdub

Posted: Wed Jul 04, 2012 6:11 am

unfortunately, i ccleaned again, losing the dump... but thanks for the offer.
neighbors are gone for the rest of the week, and radio is now off.

your perception that it might have something to do with my A-V protection is something i have been reading a bit about, and it is very possible it had to do with that.

i still wonder about those triggers that were in the router....
the "trivial file transfer protocol" and the "l2tp triggering"
...are they something that this router defaults with for some services that are common?

the (0.0.0.0) entries that were supposedly changing security settings, i think they had something to do with what the router is doing itself.

i noticed that when i changed the firewall setting to the elevated setting beyond "typical", that i could not send emails in that setting.

is the WAN ICMP echo request check box something i need? doesn't seem to affect anything since unchecking it. does that just stop outside addresses from pinging the router?

All times are GMT - 8 Hours