Firewall Wizards mailing list archives
Info: If you see unexpected RFC1918 network numbers on your network...
From: Ian Jones <ian () netstore net>
Date: Fri, 6 Nov 1998 17:01:00 +0100
If you use Windows NT and dock with a Windows CE palmtop, then this may affect you, and possibly save you some time. I recently noticed our firewall showing alerts of blocked RFC1918 packets, specifically sourced from 192.168.55.100. This immediately raised my suspicions, as we do not currently use these internal addresses on our network, and the packets were originating from *behind* the firewall. A sniffer revealed the errant packets were NetBIOS name broadcasts on udp/137, destined to 192.168.55.255, and were originating from a MAC address corresponding with one of our NT workstations with a legal IP address for our LAN. Further investigation showed that NT RAS was being configured with these addresses, but nobody had assigned them - so where did they come from? The answer was that they appeared when a Philips Nino was installed with the docking station software. It seems that it gratuitously picks these addresses (though they can be changed), and it does not confine them to the RAS interface, and also binds them to the ethernet NIC. Checking on www.dejanews.com showed that other people had come across this, and there is an advisory on Microsoft's web site (reproduced below). Caveat emptor. Ian Jones Director of professional services ijones () netstore net Netstore group
PSS ID Number: Q176047 Article last modified on 05-29-1998 WINNT:1.0,2.0 winnt ====================================================================== --------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Workstation version 4.0 - Microsoft Windows NT Server version 4.0 - Microsoft Windows CE, versions 1.0 and 2.0 - Microsoft Proxy Server versions 1.0 and 2.0 --------------------------------------------------------------------- SYMPTOMS ======== When you use Microsoft Windows CE Services (or Microsoft H/PC Explorer for Windows CE version 1.0) in Windows NT, you may not be able to connect to a Handheld PC (H/PC). You may receive one of the following error messages on the H/PC: Remote Service not started Critical Services cannot be started You may also receive the following error message on the desktop computer running Windows NT: Remote Service Start failed CAUSE ===== This behavior can occur if the Transport Control Protocol/Internet Protocol (TCP/IP) address of the H/PC is not in the Local Address Table (LAT) of the WinSock Proxy server. RESOLUTION ========== To resolve this behavior, use the following steps: 1. On the desktop computer, start Internet Service Manager (ISM). 2. Configure WinSock Service. 3. Go to Service, Local Address Table, and add the addresses of the H/PC's (by default 192.168.55.100 and 192.168.55.101). 4. Stop and Restart the WWW and WinSock Service. 5. Restart the client computer. MORE INFORMATION ================ The H/PC Explorer communicates with the HPC through TCP. The H/PC Explorer installation procedure installs the Microsoft Windows NT RAS Server for using the serial ports and assigns it to the static IP address range 192.168.55.100 to 192.168.55.102. When the HPC gets docked it dials into the Windows NT RAS Server and gets assigned the IP address 192.168.55.101. Thereafter the HPC establishes a TCP connection to the H/PC Explorer for logon. The H/PC Explorer then establishes a TCP connection to the HPC to do the actual data transfer. When the WinSock Proxy Client is installed and the IP address range 192.168.55.100 to 192.168.55.102 is not specified in the LAT, the H/PC Explorer cannot establish the connection back to the HPC. Instead it sets up a control channel connection to the WinSock Proxy server and tries to reach the HPC on the Proxy Servers external network. This is how the WinSock Proxy works by design. To let the H/PC Explorer communicate with the HPC through the local RAS server just add the IP address range 192.168.55.100 to 192.168.55.102 to the LAT. Additional query words: handheld wince wces 2.1 prodprx2 prodprx1 ====================================================================== Keywords: kbenv kbnetwork Version: WINNT:1.0,2.0 Platform: winnt Hardware: x86 WinCE Issue type : kbprb =======================================================================
==== =
= Copyright Microsoft Corporation 1998.>PSS ID Number: Q176047 Article last modified on 05-29-1998 WINNT:1.0,2.0 winnt ====================================================================== --------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Workstation version 4.0 - Microsoft Windows NT Server version 4.0 - Microsoft Windows CE, versions 1.0 and 2.0 - Microsoft Proxy Server versions 1.0 and 2.0 --------------------------------------------------------------------- SYMPTOMS ======== When you use Microsoft Windows CE Services (or Microsoft H/PC Explorer for Windows CE version 1.0) in Windows NT, you may not be able to connect to a Handheld PC (H/PC). You may receive one of the following error messages on the H/PC: Remote Service not started Critical Services cannot be started You may also receive the following error message on the desktop computer running Windows NT: Remote Service Start failed CAUSE ===== This behavior can occur if the Transport Control Protocol/Internet Protocol (TCP/IP) address of the H/PC is not in the Local Address Table (LAT) of the WinSock Proxy server. RESOLUTION ========== To resolve this behavior, use the following steps: 1. On the desktop computer, start Internet Service Manager (ISM). 2. Configure WinSock Service. 3. Go to Service, Local Address Table, and add the addresses of the H/PC's (by default 192.168.55.100 and 192.168.55.101). 4. Stop and Restart the WWW and WinSock Service. 5. Restart the client computer. MORE INFORMATION ================ The H/PC Explorer communicates with the HPC through TCP. The H/PC Explorer installation procedure installs the Microsoft Windows NT RAS Server for using the serial ports and assigns it to the static IP address range 192.168.55.100 to 192.168.55.102. When the HPC gets docked it dials into the Windows NT RAS Server and gets assigned the IP address 192.168.55.101. Thereafter the HPC establishes a TCP connection to the H/PC Explorer for logon. The H/PC Explorer then establishes a TCP connection to the HPC to do the actual data transfer. When the WinSock Proxy Client is installed and the IP address range 192.168.55.100 to 192.168.55.102 is not specified in the LAT, the H/PC Explorer cannot establish the connection back to the HPC. Instead it sets up a control channel connection to the WinSock Proxy server and tries to reach the HPC on the Proxy Servers external network. This is how the WinSock Proxy works by design. To let the H/PC Explorer communicate with the HPC through the local RAS server just add the IP address range 192.168.55.100 to 192.168.55.102 to the LAT. Additional query words: handheld wince wces 2.1 prodprx2 prodprx1 ====================================================================== Keywords: kbenv kbnetwork Version: WINNT:1.0,2.0 Platform: winnt Hardware: x86 WinCE Issue type : kbprb =======================================================================
==== =
= Copyright Microsoft Corporation 1998.
Current thread:
- Info: If you see unexpected RFC1918 network numbers on your network... Ian Jones (Nov 07)