PDA

View Full Version : Hijacked lan?



MerePeer
12-01-2005, 09:14 PM
I've got a sporadic situation that seems like some spyware activity but I can't pin it down. Thought maybe I could tap some windows network expertise and get a few more ideas on things to check?

Problem is this: occassionally this one Windows XP home computer on the LAN will lose its connectivity to some, but not all, the local nodes. I can see this when I start boincView. When I try to ping one of those now-unavailable-lan-nodes it is using an IP address that is wrong. I run my own DNS and dhcp server on the LAN and when I do an nslookup it correctly looks up the unacceptable node, which I can ping by IP. However pinging by name whether name only or name and domain is getting resolved on this {hijacked?} pc into some IP out in the world, and it goes away when I reboot. That bad IP is the same one I saw yesterday.

Other PCs on the lan are working fine.
All the nodes on the LAN are in the 192.168.1.* range.

Some diagnostics being run from the problematic node, trying to access a node (belle) which has (among many) suddenly become unavailable to this problematic node because this problematic node is using the wrong IP to access that node. belle is really 192.168.1.145

C:\>ping belle

Pinging Belle.ztowne.org [216.34.131.135] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 216.34.131.135:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>ping belle.ztowne.org

Pinging belle.ztowne.org [216.34.131.135] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 216.34.131.135:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>nslookup
Default Server: Flit.ztowne.org
Address: 192.168.1.32

> belle
Server: Flit.ztowne.org
Address: 192.168.1.32

Name: belle.ztowne.org
Address: 192.168.1.145

> exit

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Kronk
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ztowne.org

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : ztowne.org
Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-0E-A6-97-B3-DE
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.150
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.3
DHCP Server . . . . . . . . . . . : 192.168.1.32
DNS Servers . . . . . . . . . . . : 192.168.1.32
68.48.0.6
68.48.0.12
Lease Obtained. . . . . . . . . . : Thursday, December 01, 2005 8:33:37
AM
Lease Expires . . . . . . . . . . : Thursday, December 08, 2005 8:33:37
AM

C:\>ping -a 192.168.1.145

Pinging 192.168.1.145 with 32 bytes of data:

Reply from 192.168.1.145: bytes=32 time<1ms TTL=128
Reply from 192.168.1.145: bytes=32 time<1ms TTL=128
Reply from 192.168.1.145: bytes=32 time<1ms TTL=128
Reply from 192.168.1.145: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.145:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>nbtstat -c

Local Area Connection:
Node IpAddress: [192.168.1.150] Scope Id: []

No names in cache

C:\>nbtstat -R
Successful purge and preload of the NBT Remote Cache Name Table.

C:\>ping belle

Pinging Belle.ztowne.org [216.34.131.135] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 216.34.131.135:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

===

The only line in /windows/system32/etc/hosts is for localhost 127.0.0.1.
The lmhosts has been shutoff in the advanced tab of TCP/IP properties of the Network connections.

Bok
12-01-2005, 09:41 PM
Have you tried Hijackthis ?

IronBits
12-01-2005, 10:12 PM
google search on "216.34.131.135"
Seems to be a blocked IP because of possible SPAM traffic...
Doesn't have reverse DNS or something.
I suspect something in your DHCP/DNS setup and/or something in your Firewall.

What OS is the DHCP/DNS Server running? What firewall?

Does hard coding the IPs or by using a HOSTS file with every computer+IP listed on your DHCP fix this?

Let me know what you figure out!

LAURENU2
12-01-2005, 10:19 PM
Does that XP node have the windows firewall on line
It might have upgraded it self and is running without you knowing about it
You might have to go into it and trust your NIC card to get your network to see that node
Good luck

PCZ
12-02-2005, 02:46 AM
MerePeer

You have been Hijacked.

It may be possible to cleanse your PC but a rebuild would be the best course of action.

I searched yahoo for that IP and there are hundreds of domains using it.
Most just go to advertising pages.
They all seem to be hosted by fabulous.com.

BTW
In the past that IP was used by the taliban

taliban-online.info
ID: 294
Status: inactive
IP addresses (this site operates from multiple servers):
81.3.43.252
209.61.186.84
69.64.49.231
216.34.131.135
ISP (depricated):

Wouldn't want to be associated with that one :(

Shish
12-02-2005, 02:52 AM
Windows networking is a total pain on XP.
Sharing (via main security page) is necessary but no longer "visible".
Simple sharing no longer works the same for any root directory.
Basically, you have to make the network less secure to allow easy sharing, which is why M$ hid the overall security settings unlike in Win 2K.
One reason why I always recommend putting the OS on it`s own small partition and everything else on another one. Makes sharing, especially program files, a lot easier.
The firewall is also a big pain and not very good anyway, try switching it off and running the networking setup wizard. If that don`t work, look in the help for accessing the overall security settings for the network. At least the help is good and well explained. You`re gonna have to load a new security profile at least and likely use the console to set it up properly cos everything you need is in there as well as the loading of different templates for the security. Long as you`re running a decent firewalled router and nobody is accessing via an open permission (admin etc.) load the lowest template for security you`re happy with then adjust the access and account settings in the MMC (console).
Mostly, you can still use the admin (C$, D$) shares reasonably easy as long as you have the sharing set up via the network wizard.

Use spybot s and d, adaware, and spyware blaster, all good and free. Search on google for a free rootkit detector, can`t remember the name of the one I use just now but it looks like a dos window/console and works well.
That address is on the blocked list for a lot of spyware progs. Nasty site.

willebenn
12-02-2005, 06:56 AM
Here is a link for a rootkit tool. This site has some other utils as well.
sysinternals (http://www.sysinternals.com/utilities/rootkitrevealer.html)

Marky-UK
12-02-2005, 07:33 AM
Your PC is configured to use three DNS servers: 192.168.1.32, 68.48.0.6 & 68.48.0.12.

Only one of those (192.168.1.32) is going to be able to resolve your local 192.168.1.* IP addresses - the other two will likely return 'host not found'. XP will rotate which of the three DNS servers it uses.

If you're running your own DNS & DHCP servers, I'd recommend making all the clients only use your DNS server - then configure the DNS server to be able to resolve non-local IP addresses. You can either do this by reconfiguring the TCPIP settings on each client, or modify the settings that the DHCP server sends to each client.

MerePeer
12-02-2005, 07:36 AM
Yes all computers are behind a router.

DNS/DHCP server is linux and I believe uncompromised as can be seen from the nslookup.

The pc with the problem has the Windows sp2 firewall enabled, and runs both the mcafee virus and the windows spyware beta which have turned up nothing. Spybot shows no probs.

I just ran noadware4 and it found an app ( that came on the box ) with a hole in it which I will remove and rerun the scan. Dont really want to reinstall the O/S because the way it works from HP it ends up wiping the whole drive, not simply reinstalling the O/S.

I'm looking over "autoruns" output which is my new favorite for analyzing what's going on. I see spamsubtract as a Winsock2 provider -- didnt know that was installed so I'll try eliminating it since it seems to me this hijack is somewhere in the network layer if it impacts a simple ping.

MerePeer
12-02-2005, 07:41 AM
Marky I didnt realize that XP rotated the DNS. Does it do that randomly or only when it can not access the primary? I setup the other two as "backups" in case my inhouse DNS pc goes down (yes that DNS can resolve external addresses as well as the locatl 192.168s), allowing the other computers in the house to continue internet activity. Also, those two DNS IPs are about a year old and I could update them to Comcast's latest (assigned to my router by Comcast during router dhcp).

Marky-UK
12-02-2005, 07:45 AM
If XP gets a 'host not found' from the first DNS server it tries, it doesn't try the next DNS server. It also seems to rotate the DNS servers, even though the TCPIP settings imply it uses them in order.

Try taking them out and see if everything works fine. If my DNS server goes down I just reconfigure the TCPIP settings there and then - at least XP doesn't need a reboot anymore for this.

Shish
12-02-2005, 10:22 PM
Seems I missed something there.
Why run dns and dhcp for an internal , private numbered network. If you`re on dsl, you get the dns externally anyway and use the nat off the router plus dhcp.
We ran a major internal network and secure internet access (around 4000 computers) solely from a dhcp scope and routers plus the usual crap cisco pix boxes.
Are you using a tux computer as a router, perhaps?
It`s somewhat unnecessary complication unless you`re running either a windows server setup or a full tux setup with all 3 parts and you`re using it for learning how it swings.
I`ll sit this one out cos I`m likely too full of drugs just now.

MerePeer
12-03-2005, 06:49 AM
Looks like two factors came to play. First the local domain name I was using, which for years was unregistered, seems to now been registered to that 216.34.. IP. {Note: I changed the name in the post above since this is a public forum.} Second, when XP switches to one of the alternate DNS servers and then tries to lookup a local computer name+the local-domain-name-now-registered-outside, it resolves to that bad IP using the external DNS server.

I'm going to change my local domain name a bit and I believe that will solve the issue. Breathing a bit easier now.

Thx for the tips everyone.

@Shish -- I dont use the router's dhcp because I need to specify additional dhcp args for pxe nodes. I use a local dns to get a small performance boost (cached name lookups don't go out to my ISP) but also because it enables my linux nodes to access my linux nodes by name (no NetBeui around to help resolve names like under Windows I believe). Also this DNS (bind9) supports DynamicDNS so the DHCP server can inform the DNS whenever IPs are assigned.

Shish
12-03-2005, 03:26 PM
OK, thanks for answering that one and not taking umbrage.

Guess I`ll have to rebuild my big network again to play with x matched win and nix servers.

I use only Win 2K3 servers nowadays cos I get them for free but I did start out on Nix and dos stuff and recently went back a bit to Solaris to help somebody out.

Been corrupted over the years by Cisco and Big iron stuff and too easy Win servers but there`s too many trees and forests nowadays (pun intended) and no need for me to problem solve too much.

DNS is good when you need it and we did drop 16 domains down to five at my last job which was fun (if you`re a masochist) and using local dns but it can cause some unusual problems, especially on nested servers. Whilst we were using it, we always used nonsense names which wouldn`t be resolved outside the network but the xxx one is now causing trouble I believe.
Anyway, we put everything back on dhcp that didn`t have to use dns as soon as we could after sorting the access issues out from the reduced secure domains. Then all we had to worry about was people leaving passwords stickied on their monitors and the usual stupid passwords.

Oh, just remembered....look out for non registered names being repointered to the usual netnames sites as well, I had some bother with that on one network and it messed the dns up completely. Use a nonsense name, much easier.

LAURENU2
01-12-2006, 06:29 PM
HELP
A strange thing Is starting to happen here
My network split itself in half I have about 60 nodes running here and before I started to upgrade the OS to XP & w2k they all worked well and they had a address in the range of 192.168.1.100 to 198.168.1.200
But now for some reason they have split
18 of the 60 now have a Address of 169.254.173.XXX Not all of these nodes are on the same router. nor can they see the INTERNET or the rest of my network.
And I just can not seem to get the 18 to look for and except the 192.168.1.XXX address on there own I can force them to take 192.168.1.XXX and they then see my 192.168.1.XXXnetwork but they still can not see the INTERNET All the effected nodes are still running winME
So it was not the upgrade. they are all under WORKGROUP
I have tested the cables all seems OK

I have run out of :idea: and can only :bang:

Anybody have any ideas why this happened or know a way to fix it

IronBits
01-12-2006, 08:06 PM
169.254.X.X is the standard IP that Windows gets when it can't find a DHCP server.


You're DHCP Server has run out of IPs to give out... check your router and see that you have a large enough scope/range to work with that many nodes. ;)

LAURENU2
01-12-2006, 09:57 PM
169.254.X.X is the standard IP that Windows gets when it can't find a DHCP server.


You're DHCP Server has run out of IPs to give out... check your router and see that you have a large enough scope/range to work with that many nodes. ;)
When I set up the DSL router I set the rang to 100 nodes starting at 100 to 200
I thought that would be enough since I only run 60

I will increase it to 120 to see if it helps

LAURENU2
01-12-2006, 10:16 PM
your the MAN IronBits---- Here I have beed checking leads, configs, for 2 days :bang: & IB fixes it in 2 mins:cheers:
:allhail:

LAURENU2
01-12-2006, 10:33 PM
Looking at the routers DHCP Server table It was only using 40 or so addresses
So why would it not go back and reuse the lower unused addresses:confused: :swear: :confused:

Shish
01-12-2006, 10:48 PM
Home routers are easy to config normally but when you get a problem it`s usually something so easy, when you figger it out that you wonder how you missed it. ATM there only seems to be around 3 or 4 unique software packages for routers but if you` don`t use their wizard, most of the ettings can be across 3 pages.
Try problem solving with a Cisco IOS....then you know what sweaty brows are about. I know, I`ve still got the headache from the new one I`m trying out. No auto configs or wizards on these bloody beasts.
One problem you may still come across (for future reference) is not all the routers use supernetting addressing and you may have to be careful of how many addresses you put into one address range as a cheapie router I`ve just sorted wouldn`t work with certain address ranges cos there were too many addresses to fit into the sub net as its firmware only allowed a fixed subnet range and the guy was using the 10.0.0.0 range but couldn`t figger why he was getting split sub nets and difficulty connecting between them when he thought he should have them all on the one subnet. Once I checked the firmware routing settings and arp`d the tables, a firmware update solved his problem as the original wouldn`t allow a range of 255.0.0.0 as the tables said no more than 253 clients and he was crossing the subnet boundary with the range he was trying to use. Was fun that one but actually not too difficult.

Anyway Jeff, with that many clients, I`m surprised you`re not trying to split the collision domains up a bit with a L3 switch or summat else manageable. Can get pretty noisy and overworked with 60 machines on a lan and subnetting doesn`t stop you communicating with them, just cuts down on the crap being continually broadcast and generally speeds things up a bit as there`s less collisions and collison avoidance delays on the traffic.

IronBits
01-12-2006, 11:55 PM
Looking at the routers DHCP Server table It was only using 40 or so addresses
So why would it not go back and reuse the lower unused addresses:confused: :swear: :confused: Lease time (how long it will reserve the IP address for that computer based on MAC address I believe)
Set it to 1 day to force them to be released within 24 hours, or double your scope/range so there are plenty to go around (like you did), OR, go into the router and try to release the unused ones - not fun. ;)

Setup a scope/range from 50-250 and you're good to go! :D

Glad it's all working! :clap:

LAURENU2
01-13-2006, 12:29 AM
Well Shish
I can say this I will not can not have any more then 65 nodes I just do not have the space to run any more
I was just surprised and dumbfounded because I did not do or change anything . Nodes just started splitting off for no reason

The way I have it setup is Main router is Linksys BEFSR81 Then branched out to four 16 port and two 5 port switches branch off the main All except 8 nodes do nothing but crunch So net traffic from the back end is minimal

:umm: I am not sure I would know how to setup a subnet
I bet you never ran into a network dummy:looney: that had so many computers Before:rock:

LAURENU2
01-13-2006, 12:43 AM
IronBits
I increased it from 100 to 140 that is twice the number of online nodes I hope that is good enough
Thanks again for your help Free-DC is the BEST

Shish
01-13-2006, 12:50 PM
It`s possible the way windoze uses tcp/ip is to blame as I have a similar problem but mainly with wifi.
Sometimes you will find that each switch and your router have out of date network maps or haven`t updated the info on routing they continually send each other and with that size network, you may benefit either from subnetting (cuts down on the amount of traffic overall that computers and network devices make and listen to) . The link I`ve posted is not too technical and explains your problem. You may be better off getting a router with all the usable routing software built in ( doesn`t have to be expensive, some cheaper routers have almost everything in their software) and learning a little of the basics of routing.
Some of the commands built into windoze such as net /?, and basic routing commands are well worth learning and not too technical or hard.
I`ve solved many a problem with wifi dropping it`s route by simply "commanding" the devices to talk and listen to each other.
Anyway, here`s a link to start you off. Don`t be frightened cos it`s Cisco, they actually publish a heap of simple information on general routing and I use them cos that`s what I used to teach with at college and I know it`s not too difficult.
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/routing.htm

Shish
01-13-2006, 03:30 PM
One of the things I was trying to remember before and which is implemented on most modern routers and windoze is RIP. Normally shows as ripv1 or ripv2 or both.
Implementing this protocol can solve next hop ( which is how all routing works) loss of route due to missing a map update on the routing tables all devices have and use. That`s always been a problem with XP particularly when only simple file sharing is on or file sharing and discovery (upnp) is disabled (frequently done both for security and because it helps to stop the taskbar losing startup progs etc.). M$ buried the easy security settings on 2K when they did XP and it`s not set by default on XP SP2 and you have to find the console and change or replace the default templates from the console.

Sorry if that`s maybe too technical, drugs are affecting my memory and slowing my thought processes down tonite but just to say, if you have rip running on both your router (look in the tech specs to see if rip1 and rip2 is supported cos it`s sometimes set auto and not settable in the router control panel) and windoze (Control Panel/ add remove programs/ add remove windoze components/networking services.....enable rip and simple etc. UPNP may cause you hassle with extra icons popping up and has an effect on the taskbar sometimes (use taskbar repair plus tool) but can help if your network supports it.

Should solve most of your problems but simple sub netting may be of great help and is not too difficult to do. Also forcing a fixed route/persistent route (ie not using dhcp but specifying the net address for each machine) (available on most modern routers and network cards) can cut down on routing overheads and multicast traffic so giving more time for packet transfer or "real work".

Right.... off to have my savoury mince and leek dumplings and some more drugs which I`ll compound with a bottle of nice German Nierstein.
Happy networking all.

LAURENU2
01-16-2006, 12:21 AM
I think it might have been the Linksys BEFSR81 bios needed a flash update
I flashed it and restarted my network and now I have recoverd all the address that were eaten up before Now the first address in xxx.xxx.xxx.100 as it should be look at all the things the Flash fixed
Ver #. -- Date Description
2.50.2 -- May 19, 2004

1. Added Filter Ident(port 113) option
2. Fixed abnormal port scan issue
3. Fixed an issue saving changes under Linux OS.
4. Change DDNS User-agent data format
5. Removed Primary and secondary DNS entry.
6. Added DNS 1, 2, and 3.
7. Added WINS support.
8. Fixed Mutliple PPTP passthrough issue.
9. Fixed IPSec fragmented packet cannot pass from WAN to LAN.
10. Added L2TP Internet Connection Type support for Europe.
11. Added "Filter NAT Redirection" to prevent local client
access local Internet servers.
12. Fixed MRU not being properly passed to the MTU settings.
13. Logviewer IP will save the settings after enabling log option.
14. Modified some typos on the firmware.
15. Moved the help part on the right side of the user interface.
16. modified the Save settings and cancel changes button.
17. Validates entry before applying changes.
18. Fixed connect on demand not disconnecting properly after timeout.
19. Fixed QoS option will not save the settings properly.
20. Fixed MTU not working properly.
21. Fixed RIP 1 & 2 not working properly

Shish
01-16-2006, 12:41 AM
There you go. That`s a lot of stuff fixed, just needs a typo to crap it out.
Notice ripv1 and ripv2 fixed, you should make sure it`s also on in windoze as previous post.
Just a personal thing and maybe the Linky (despite being owned by Cisco now) wouldn`t handle it, but I`d still split 60 machines into at least 4 subnets or probably 6. Cuts down on all the crap such as multicasts and the general traffic running and generally speeds up and makes somewhat more reliable each set of computers` networking.
Just run one of the free network monitors such as TCPVIEW or TCIMONNT and see all the trafic zipping up the screen, most of which is rubbish.
I see it also fixed WINs which means if you enable netbios over tcpip, your machines can find each other just by name as well as address. Some people say it`s a security risk but I don`t worry about it on a home network and it can make machines easier to find.

60 machines is a lot of central heating though. Nice in the depths of winter but I can`t wait to get the new house built and cut the ac load off the mains for only 4 machines in the summer.
Just got permission to use the mineshaft service pipes for my geo thermal :thumbs:

LAURENU2
01-16-2006, 02:35 AM
There you go. That`s a lot of stuff fixed, just needs a typo to crap it out.
Notice ripv1 and ripv2 fixed, you should make sure it`s also on in windoze as previous post.

The router has a option to use rip1 and or rip2 Is one better to use then the other??
And it also has the option to :Transmit RIP Version: rip1 and rip1-compatible or ripv2
And it has the option to :Receive RIP Version: rip1 and rip2 only
I have both set for rip1 right now

Is it best to have both Transmit and Receive RIP Version set to the same rip and which rip is better to to use

Shish
01-16-2006, 03:09 AM
It`s best to use both but set whatever it will allow you.
If I remember correctly, windoze may only use ripv1 but your adapter may support ripv2 in firmware.
Switch em all on or whatever you can. ripv1 is on most systems but ripv2 is a bit better if supported.

IronBits
01-16-2006, 05:19 AM
RFC 2453 (Request for Comments 2453)
RIP Version 2
www.faqs.org/rfcs/rfc2453.html

also www.networksorcery.com/enp/protocol/rip.htm (http://www.networksorcery.com/enp/protocol/rip.htm)

RIP version 2 (RIPv2) added several new features.
External route tags.
Subnet masks.
Next hop router addresses.
Authentication.
Multicast support.I don't think it's anything that will help you on your LOCAL TCP/IP LAN, I keep it disabled... ;)
---------------------------------------------------------------------------------------

RIP Protocol is really just a protocol to let your network now about others.
RIP is a distance vector protocol that is responsible for maintaining a list
of distances to each destination network on an internetwork.
RIP was adapted from the Xerox Network Standard (XNS) routing
protocol. However, an extra field for time delay (Number of Ticks) was
added to the packet structure to improve the decision criteria for
selecting the fastest route to a destination. This change prohibits the
straight integration of NetWare’s RIP with unmodified XNS
implementations.
RIP has no application programming interface. In the UNIX environment, routing
is implemented as a LAN router within the IPX driver for servers and dedicated
routers. The client configuration of the IPX driver does not support routing
All routers keep an internal database of internetwork routing
information, called a Routing Information Table (or Router Table). Such
tables keep current information on the internetwork’s configuration,
which they update from RIP broadcast packets over IPX.

RIP allows the following exchanges of information:
x Clients locate the fastest route to a network.
x Routers request routing information from other routers for the purpose of updating their own internal tables.
x Routers respond to route requests from clients and other routers.
x Routers broadcast periodically to ensure that all other routers are aware of the internetwork configuration.
x Routers broadcast whenever they detect a change in the internetwork configuration.

IPX/SPX is the legacy internetworking protocol for Novell NetWare. It was derived from the XNS (Xerox Network System) protocol, which was developed in the 1970s. It is usually just called "IPX," although some sources refer to it as "IPX/SPX," "SPX/IPX," or "Novell protocol."
Note that TCP/IP is now the primary Novell NetWare internetwork protocol.

Short for Internetwork Packet Exchange, a networking protocol (http://www.webopedia.com/TERM/I/protocol.html) used by the Novell NetWare (http://www.webopedia.com/TERM/I/NetWare.html) operating systems. Like UDP/IP (http://www.webopedia.com/TERM/I/UDP.html), IPX is a datagram protocol used for connectionless (http://www.webopedia.com/TERM/I/connectionless.html) communications. Higher-level protocols, such as SPX and NCP, are used for additional error recovery services.

PCZ
01-16-2006, 10:38 AM
UM so four subnets and RIP on a home network !!!

Please excuse me i'm close to death from laughing so hard. :jester:

Shish
01-16-2006, 02:59 PM
On a home network of 65 computers? Not exactly small.
All networking is based on one simple primciple, next hop and routing information tables of known routes.
If windoze implements a routing protocol then it will be of use and though there are many such protocols, some have different purposes such as security etc..

Carry on laughing mate, personally I use all the tools available and keep my kit updated.

Take whatever advice seems reasonable to you Lauren and best of luck and goodbye.

LAURENU2
01-16-2006, 07:20 PM
Thank you Both Shish and IronBits your insight is vary well appreciated
And I am sure others that are reading this thread are :idea: learning as well:cheers:

Shish
01-16-2006, 09:46 PM
One thing I was thinking of and forgot to add in my drug induced haze is if you are still on an all windoze network, then windoze workgroup networking only allows for ten or less computers in a workgroup.
Trips a lot of home networkers up that when they`re wondering why their computers don`t talk to each other.

LAURENU2
01-16-2006, 09:56 PM
I have all 60 into 1 group called WORKGROUP
If my router gives them a address I see and tranfer
file ok :umm:

Shish
01-16-2006, 11:45 PM
I may be out of date on XP but it was true of all the systems we setup upto and including Win2K.
Not saying you won`t be able to communicate or see your systems on their net but I seem to remember some features won`t work or you may "lose" some of your computers occasionally.
Could be totally out of date, if it works OK, don`t sweat it. Long time since I took the NT4 and Win2K certs and no doubt it`ll give some one else a laugh.

IronBits
01-17-2006, 12:01 AM
What he is referring to is that Windows Workstations (all flavors) are limited to 10 client connections. A server does not have that limitation.

In other words:
If you have a SHARE on one client, it will only allow 10 simultaneous connections. Not good in a large WORKGROUP that needs sharing.
There are registry hacks to get around that limit tho... ;)

I suspect on a Distributed Client WORKGROUP network where you only need access to the internet for each workstation to communicate with various DC Servers, you won't have that problem, because none of them require SHARES.
In that DC scenario, you are only limited to how many ports are on your switch, or 255, which ever comes first. ;)

If you wanted to run a DC proxy or require at least one SHARE, that might be a different story, but then, all you need is one Server, Linux comes to mind, and that problem is solved.

TCP/IP is a very robust protocol, and it really kicks butt on 100/1000mb switches :D

PCZ
01-17-2006, 01:28 AM
Actually you are not limited to 255 hosts.

SOHO routers come set up to use a /24 [255.255.255.0] network usually 192.168.0.x.
Thats .0 for the network .255 for the broadcast and usually .1 or .254 as the gateway leaving 253 usuable host IP's.

However You can change this to whatever you like.
Want more hosts, or a smaller broadcast domain, change the Subnet mask on the routers LAN interface.

A few SOHO routers may be limited to just a /24 but all the ones i have come across can have the Subnet nask changed to create Smaller / Larger networks.

In 99.99% of cases however this is unneccessary the defaults work just fine.

Lauren is a case in point, the router is dishing out IP's to all his hosts and the hosts are communicating quite happily amongst themselves.

Over time Lauren may start to notice odd behaviour particularly with name resolution but right now it's working and there's no need to change.

A fine example of the power of the KISS principal.

Shish
01-17-2006, 11:37 AM
Having been so thoroughly corrected, you have the benefit of some top class help Lauren, and I`m gonna shut up and go back to being a retired hardware and datacoms engineer and probably back on the key if my regression due to diamorphine goes much further.
What can I say except perhaps dih dah di dit.
Mind you, 10Gbps networks rock even if they are a bit overkill for a family house. 74 MB a second means even a 4 disk raid 5 can`t saturate the network. Roll on the day when that gets to consumer level.

IronBits
01-17-2006, 11:54 PM
Shish, my comments were never directed at you, or anyone else, so I hope you didn't take anything personal.
I was just trying to point out that for a home DC LAN, you really don't need to do anything special, once the Router is setup and the DHCP scope is adjusted for the amount of computers you have or plan to use...

Shish
01-18-2006, 03:02 AM
Don`t worry about me IB, my skin is thicker than a lot o people could believe and I have a lot of respect for you and some of the other stalwarts around here.
In my own defense, I will say I only did Cisco, Nortel and Big Iron in self defense and skipped as many NT courses as I could.
Talk about hardware, and valves in particular along with other more modern stuff in the microwave region, and I`ll rank my 1934 designed, built it myself, Mullard 1Kw audio hi-fi amp with original MZ2-200s triodes driven by a pair of EL37s in class AB push pull and taking up more space than 2 rack cabinets with anything buyable today. Mind you, I gave in and bought a Yamaha for the other 4 channels of Dolby. And it`s burglar proof and lethal to poking fingers :Pokes: :scared:
Nowadays I just tinker and solve problems for fun and the 3 pensions I got for doing it for real keep my family in the comfort they`d like to think they deserve while I consume more drugs than would keep a pusher in luxury for life and add to the pleasant fog with good liquor and better food. Might keep the body going but doesn`t do much for the brain.
Anyway, I still find that computers and radio don`t make happy bedfellows and I`m rapidly returning to my past loves to which I`ve devoted more than a few thousand pounds and which has kept my house insurance company in clover for many years. And I can still use an iambic paddle or a straight key to keep in touch without benefit of a broadband connection unless you consider the oldest radio type, spark gap tx, as the broadest of broadband connections there ever was.....<rambles off to the hills and the hidden still equipped with a vhf 8877 Kw 2 metre portable and a spare 16 ele Tonna on the LandRover roof>
Catch you all on the flip side, I`m still hoping my Local #### Brownsville pension gets bought out by the Ozzies.:looney:

gopher_yarrowzoo
01-18-2006, 03:57 PM
:allhail:
Gee Shish you :rock: :thumbs: I know enough about that stuff to know that well heck you leave lethal values to the experts.. It must Rock - bet it's got superb BASS on it... I've got a bone to pick with my router but that will be a seperate post.