Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NT 4.0 WINS is kicking my tail

Status
Not open for further replies.

captnstiles

IS-IT--Management
Oct 15, 2002
59
US
NT 4.0 Wins Issue is kicking me in the tail. I am blocking port 137 on my firewall, yet my WINS server picks up a 1.x.x.x address and adds it to the server database. I can not tell you how many times I ahave deleted the server yet it keeps coming back. ANy thoughts????
 
Do you have multihomed servers? ie a server with 2 nics? if the binding order is incorrect you may have these kind of problems.

Gary
 
No multihomed servers here. I have looked closely at the logs on my firewall and found that when I click on that server in WINS db, it try's to go to the internet. Ideleted both servers in WINS and add the one, them 2 min. later that 1.x.x.x reappears. This is a wolf in sheeps clothing.
 
Do you have any servers with double nic's installed? one of which may be unused? I have found in the past that admins may enable protocols on unused nics and give "dummy" ip addresses to the nic...
If TCP is enabled and bound on this unused nic it may be registered in wins. You are seeing the firewall logs because your routing is configured to route 1.x.x.x. via your firewall but this does not mean that the server has been registered from the outside.

I would check for unused nics which have been assigned dummy ip addresses.

Gary
 
Do you have any servers with double nic's installed? one of which may be unused? I have found in the past that admins may enable protocols on unused nics and give "dummy" ip addresses to the nic...
If TCP is enabled and bound on this unused nic it may be registered in wins. You are seeing the firewall logs because your routing is configured to route 1.x.x.x. via your firewall but this does not mean that the server has been registered from the outside.

I would check for unused nics which have been assigned dummy ip addresses.

Gary
 
Make sure TCPIP is top of the list in the binding orders,
Then remove the strange server address from WINS manager then restart
 
I would check my clients machines. You may have a client out there registering the address.

What type of service does the WINS entry register/indicate?

Did you filter on the registered machine name to determine if there is another client with the same name?

Someone could have two nics in there hardware and not be aware of the problem.

Do you have users with Laptops used in other environments?

If you have a sniffer, you can try and find out the MAC address of the registering machine. Then this will allow you to search your switches to find the MAC in the MAC tables, or CAM for Cisco switches.

Just a few suggestions.

Hope this helps.

Bob


BTW--The reason it keeps trying to go out your firewall is because of the default route on the routers. Since the 1.x.x.x network does not exist on your network, it will forward the packets out to the internet, e.g default route.
 
Thanks for all of your suggestions. After digging deeper it was an application/database (SYBASE)that is causing this issue. After uninstalling the SYBASE I still have it and will try to make sure the binding order is correct. Will keep you posted.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top