
BLU Discuss list archive



odd DNS failure in w2000? Kazaa/spyware?



Thanks Derek - 
This is getting more and more interesting -- 
usually a discouraging sign.
I've interspersed answers/comments below.

One new piece of info - 
I have telnetd running on a machine on the internal
lan.  I used to be able to telnet to it
from the w2000 machine.  No longer.

I'm convinced at this point that the IP stack
has been hijacked somehow, probably by
kazaa or something similar. (See end note).
My plan now is to make a copy
of the registry (for postmortem analysis) then reformat/reinstall.

			Thanks
				Steve

> > socket (dg) failed: No error
> > SendRequest failed
> > *** Can't find server name for address 4.2.2.1: No response from server
> > ------------
> 
> Clearly, you're not able to contact the DNS server for some reason.
> My first guess was your gateway was not set up properly, but you say
> you can ping outside hosts by number.  Can you traceroute to 4.2.2.1?

Yes, from the linux computers. But it's a little weird!

If I traceroute to any generic host (eg, www.yahoo.com),
the last line of the traceroute is that machine -- eg, here's a snipped
version --

[root at rio root]# traceroute www.yahoo.com
traceroute: Warning: www.yahoo.com has multiple addresses; using 64.58.76.225
traceroute to www.yahoo.akadns.net (64.58.76.225), 30 hops max, 38 byte packets
 1  horne (192.168.1.1)  0.872 ms  0.629 ms  0.600 ms
 ...
16  vl43.bas1.dcx.yahoo.com (216.109.120.190)  55.611 ms  52.862 ms  58.783 ms
17  w4.dcx.yahoo.com (64.58.76.225)  64.664 ms  67.570 ms  53.933 ms
 note address (64.58.76.225) matches.

But, traceroute to 4.2.2.1 ends
...
14  vlan40.cartnj1-dc1-dfa1-rc1.bbnplanet.net (128.11.201.67)  24.621 ms  24.684 ms  20.288 ms
15  cartnj1-snsc1.gtei.net (128.11.184.8)  22.600 ms *  40.262 ms

Where's 4.2.2.1?

If I do the traceroute from a different machine (at mit) I get

...
13  p7-0.mtvwca1-dc-dbe1.bbnplanet.net (4.24.9.166)  78 ms  78 ms  79 ms
14  vlan40.mtvwca1-dc1-dfa1-rc1.bbnplanet.net (128.11.193.67)  79 ms  78 ms  78 ms
15  vnsc-pri.sys.gtei.net (4.2.2.1)  79 ms  78 ms  78 ms

which looks right.


If I check resolv.conf on the firewall, 
 ls -l /etc/resolv.conf
-rw-r--r--    1 root     root          109 Mar 11 19:48 /etc/resolv.conf
(up to date)
It contains

search ne1.client2.attbi.com client2.attbi.com attbi.com
nameserver 204.127.202.19
nameserver 216.148.227.79


Now I can ping these from all machines on the LAN -- but I can't
do traceroute to them.  Neither can the MIT machine.
(Traceroute spews * * *).

> 
> Make sure you're not blocking port 53, both UDP /AND/ TCP.  If memory
> serves, the W2k DNS resolver uses TCP a lot more often than it is
> supposed to.  Many people forget to open the TCP port, and only open
> the UDP port.  This could kill you dead.

Presumably this would disturb at least one of {w95,xp,linux} ?
All work fine.  Is there an explicit way to
demonstrate that a port is open?  Firewall rules say it is.

> 
> > > 3. Does the W2K laptop (and the other machines on your LAN) have a 
> > >    current HOSTS file? Be sure all the machines have the same file!
> > 
> > Now this is interesting.
> 
> No, not really.  The hosts/lmhosts file is like /etc/hosts, but (much
> like /etc/hosts) it is only needed if your machine does not have DNS
> set up properly, or for some hostnames which can not be resolved via
> DNS.  This should not affect the proper operation of DNS in any way...
> 

True - but it would be nice if I could tell w2000 the names of the
other machines on the lan.  Not related to current panic.

RE the kazaa-spyware connection --- 
googling "kazaa dns 2000" found this site
http://www.mobilmultimedia.com/writeups/Spyware.htm
which doesn't address w2000 directly but
is an interesting read nonetheless.
		Steve






> 
> - -- 
> Derek D. Martin
> http://www.pizzashack.org/
> GPG Key ID: 0xDFBEAD02
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
> 
> iD8DBQE+dJexHEnASN++rQIRArrTAJwLzB+8upqpbY3LTq/r82IIcfCh0gCgs8lS
> 3XE8cTvzu9fhmFnxpJGF3hg=
> =N+T7
> -----END PGP SIGNATURE-----
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss
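An added check for the question raised in this message (how to demonstrate that port 53 is actually open, for UDP and for TCP). This is example code written for this archive page; it is not from the thread, from Steve or from Derek's reply. It assumes Python 3 and a resolver address passed on the command line; 192.0.2.53 is a placeholder address, and the sample response bytes are constructed for the offline self-check, not captured traffic. The probe hand-builds the DNS query so it does not depend on the host's own resolver (the thing under suspicion), and it tries both transports because a firewall that passes UDP/53 but drops TCP/53 breaks clients that fall back to TCP.

```python
"""Probe a resolver on port 53 over UDP and TCP with a hand-built DNS query.

Added example for the BLU thread; not code from the original post.
Placeholder resolver 192.0.2.53 and the sample reply bytes are assumptions.
"""
import random
import socket
import struct
import sys


def encode_name(name):
    """Wire-encode a hostname as length-prefixed labels ending in a 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=None):
    """Build a standard recursive query (flags 0x0100: RD set) for NAME."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)


def read_name(data, off):
    """Decode a (possibly compressed) name at OFF; return (name, next offset)."""
    labels, end = [], None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:              # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack(">H", data[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2                  # resume after the 2-byte pointer
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)


def parse_response(data):
    """Return txid, rcode and the answer RRs of a DNS response message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    off = 12
    for _ in range(qd):                        # skip the echoed question(s)
        _, off = read_name(data, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(data, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:          # A record: render dotted quad
            rdata = socket.inet_ntoa(rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"txid": txid, "rcode": flags & 0xF, "answers": answers}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed mid-message")
        buf += chunk
    return buf


def probe_udp(server, name, timeout=3.0):
    """One query over UDP/53; None means no reply (dropped, filtered, or down)."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(q, (server, 53))
            data, _ = s.recvfrom(4096)
        except OSError:
            return None
    return parse_response(data)


def probe_tcp(server, name, timeout=3.0):
    """Same query over TCP/53 with the 2-byte length prefix (RFC 1035 4.2.2)."""
    q = build_query(name)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack(">H", len(q)) + q)
            (length,) = struct.unpack(">H", _recv_exact(s, 2))
            data = _recv_exact(s, length)
    except OSError:
        return None
    return parse_response(data)


# Constructed sample reply (not captured traffic): one A record for
# www.example.com, owner name compressed via a pointer to offset 12 (0xC00C).
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack(">HH", 1, 1)
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.53"  # placeholder
    for label, probe in (("UDP/53", probe_udp), ("TCP/53", probe_tcp)):
        r = probe(server, "www.example.com")
        print(label, "no answer" if r is None else
              "rcode=%d answers=%s" % (r["rcode"], r["answers"]))
```

Run it once from the w2000 box and once from a Linux box against each nameserver in resolv.conf. An rcode of 0 (NOERROR) or 3 (NXDOMAIN) on a transport proves that transport reaches the server and gets an answer back; "no answer" on TCP/53 only, with UDP/53 fine, is the firewall-rule gap Derek describes. A reply whose txid does not match the query, or one carrying an unexpected address, is worth a closer look on a machine already suspected of a hijacked stack.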



