
BLU Discuss list archive


odd DNS failure in w2000? Kazaa/spyware?

Thanks Derek - 
This is getting more and more interesting -- 
usually a discouraging sign.
I've interspersed answers/comments below.

One new piece of info - 
I have telnetd running on a machine on the internal
lan.  I used to be able to telnet to it
from the w2000 machine.  No longer.

I'm convinced at this point that the IP stack
has been hijacked somehow, probably by
kazaa or something similar. (See end note).
My plan now is to make a copy
of the registry (for postmortem analysis) then reformat/reinstall.


> > socket (dg) failed: No error
> > SendRequest failed
> > *** Can't find server name for address No response from server
> > ------------
> Clearly, you're not able to contact the DNS server for some reason.
> My first guess was your gateway was not set up properly, but you say
> you can ping outside hosts by number.  Can you traceroute to

Yes, from the linux computers. But it's a little weird!

If I traceroute to any generic host (eg,
The last line of the traceroute is that machine -- eg, here's a snipped
version -- 

[root at rio root]# traceroute
traceroute: Warning: has multiple addresses; using
traceroute to (, 30 hops max, 38 byte packets
 1  horne (  0.872 ms  0.629 ms  0.600 ms
16 (  55.611 ms  52.862 ms  58.783 ms
17 (  64.664 ms  67.570 ms  53.933 ms
 note address ( matches.

But, traceroute to ends
14 (  24.621 ms  24.684 ms  20.288 ms
15 (  22.600 ms *  40.262 ms


If I do the traceroute from a different machine (at mit) I get

13 (  78 ms  78 ms  79 ms
14 (  79 ms  78 ms  78 ms
15 (  79 ms  78 ms  78 ms

which looks right.

If I check resolv.conf on the firewall, 
 ls -l /etc/resolv.conf
-rw-r--r--    1 root     root          109 Mar 11 19:48 /etc/resolv.conf
(up to date)
It contains


Now I can ping these from all machines on the LAN -- but I can't
do traceroute to them.  Neither can the MIT machine.
(Traceroute spews * * *).

> Make sure you're not blocking port 53, both UDP /AND/ TCP.  If memory
> serves, the W2k DNS resolver uses TCP a lot more often than it is
> supposed to.  Many people forget to open the TCP port, and only open
> the UDP port.  This could kill you dead.

Presumably this would disturb at least one of {w95,xp,linux} ?
All work fine.  Is there an explicit way to
demonstrate that a port is open?  Firewall rules say it is.

> > > 3. Does the W2K laptop (and the other machines on your LAN) have a 
> > >    current HOSTS file? Be sure all the machines have the same file!
> > 
> > Now this is interesting.
> No, not really.  The hosts/lmhosts file is like /etc/hosts, but (much
> like /etc/hosts) it is only needed if your machine does not have DNS
> set up properly, or for some hostnames which can not be resolved via
> DNS.  This should not affect the proper operation of DNS in any way...

True - but it would be nice if I could tell w2000 the names of the
other machines on the lan.  Not related to current panic.

RE the kazaa-spyware connection --- 
googling "kazaa dns 2000" found this site
which doesn't address w2000 directly but
is an interesting read nonetheless.

> - -- 
> Derek D. Martin
> GPG Key ID: 0xDFBEAD02
> _______________________________________________
> Discuss mailing list
> Discuss at
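
Added example, not part of the original message: one way to demonstrate whether port 53 is reachable over both UDP and TCP, as the thread asks, is to send the same DNS query over each transport and compare the results. The function names, the default query name "example.com" and the server address passed on the command line are assumptions made for this sketch.

```python
import socket
import struct
import sys

def build_query(name, qid=0x1234):
    """Minimal DNS query for an A record (RFC 1035 wire format, RD set)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _recv_exact(sock, n):
    buf = b""  # TCP may deliver fewer bytes than requested, so loop
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def _status(query, reply):
    return "ok" if reply[:2] == query[:2] else "mismatched reply"

def probe_dns(server, name, port=53, timeout=3.0):
    """Send the same query over UDP and TCP; report each transport separately."""
    query, results = build_query(name), {}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, port))
            reply, _ = s.recvfrom(4096)
        results["udp"] = _status(query, reply)
    except OSError as exc:  # timeout (packet dropped) or ICMP unreachable
        results["udp"] = "failed: " + type(exc).__name__
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            # DNS over TCP prefixes each message with a 2-byte length
            s.sendall(struct.pack(">H", len(query)) + query)
            (length,) = struct.unpack(">H", _recv_exact(s, 2))
            reply = _recv_exact(s, length)
        results["tcp"] = _status(query, reply)
    except OSError as exc:  # refused (rejected) or timeout (silently dropped)
        results["tcp"] = "failed: " + type(exc).__name__
    return results

if __name__ == "__main__":
    print(probe_dns(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else "example.com"))
```

A result of "ok" for UDP with a TCP failure matches the case described in the quoted reply, where only the UDP port was opened on the firewall.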

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
