Info: If you see unexpected RFC1918 network numbers on your network...

[Ian Jones <ian () netstore net>]

If you use Windows NT and dock with a Windows CE palmtop, then this may 
affect you, and possibly save you some time.

I recently noticed our firewall showing alerts of blocked RFC1918 packets, 
specifically sourced from 192.168.55.100. This immediately raised my 
suspicions, as we do not currently use these internal addresses on our 
network, and the packets were originating from *behind* the firewall.

A sniffer revealed the errant packets were NetBIOS name broadcasts on 
udp/137, destined to 192.168.55.255, and were originating from a MAC 
address corresponding with one of our NT workstations with a legal IP 
address for our LAN.

Further investigation showed that NT RAS was being configured with these 
addresses, but nobody had assigned them - so where did they come from? The 
answer was that they appeared when a Philips Nino was installed with the 
docking station software. It seems that it gratuitously picks these 
addresses (though they can be changed), and it does not confine them to the 
RAS interface, and also binds them to the ethernet NIC. Checking on 
www.dejanews.com showed that other people had come across this, and there 
is an advisory on Microsoft's web site (reproduced below).

Caveat emptor.

Ian Jones
Director of professional services
ijones () netstore net
Netstore group


> PSS ID Number: Q176047
> Article last modified on 05-29-1998
>
> WINNT:1.0,2.0
>
> winnt
>
>
> ======================================================================
> ---------------------------------------------------------------------
> The information in this article applies to:
>
> - Microsoft Windows NT Workstation version 4.0
> - Microsoft Windows NT Server version 4.0
> - Microsoft Windows CE, versions 1.0 and 2.0
> - Microsoft Proxy Server versions 1.0 and 2.0
> ---------------------------------------------------------------------
>
> SYMPTOMS
> ========
>
> When you use Microsoft Windows CE Services (or Microsoft H/PC Explorer for
> Windows CE version 1.0) in Windows NT, you may not be able to connect to a
> Handheld PC (H/PC). You may receive one of the following error messages on
> the H/PC:
>
>   Remote Service not started
>
>   Critical Services cannot be started
>
> You may also receive the following error message on the desktop computer
> running Windows NT:
>
>   Remote Service Start failed
>
> CAUSE
> =====
>
> This behavior can occur if the Transport Control Protocol/Internet
> Protocol (TCP/IP) address of the H/PC is not in the Local Address Table
> (LAT) of the WinSock Proxy server.
>
> RESOLUTION
> ==========
>
> To resolve this behavior, use the following steps:
>
> 1. On the desktop computer, start Internet Service Manager (ISM).
>
> 2. Configure WinSock Service.
>
> 3. Go to Service, Local Address Table, and add the addresses of the
>   H/PC's (by default 192.168.55.100 and 192.168.55.101).
>
> 4. Stop and Restart the WWW and WinSock Service.
>
> 5. Restart the client computer.
>
> MORE INFORMATION
> ================
>
> The H/PC Explorer communicates with the HPC through TCP. The H/PC Explorer
> installation procedure installs the Microsoft Windows NT RAS Server for
> using the serial ports and assigns it to the static IP address range
> 192.168.55.100 to 192.168.55.102. When the HPC gets docked it dials into
> the Windows NT RAS Server and gets assigned the IP address 192.168.55.101.
> Thereafter the HPC establishes a TCP connection to the H/PC Explorer for
> logon. The H/PC Explorer then establishes a TCP connection to the HPC to
> do the actual data transfer.
>
> When the WinSock Proxy Client is installed and the IP address range
> 192.168.55.100 to 192.168.55.102 is not specified in the LAT, the H/PC
> Explorer cannot establish the connection back to the HPC. Instead it sets
> up a control channel connection to the WinSock Proxy server and tries to
> reach the HPC on the Proxy Servers external network. This is how the
> WinSock Proxy works by design. To let the H/PC Explorer communicate with
> the HPC through the local RAS server just add the IP address range
> 192.168.55.100 to 192.168.55.102 to the LAT.
>
> Additional query words: handheld wince wces 2.1 prodprx2 prodprx1
> ======================================================================
> Keywords: kbenv kbnetwork
> Version: WINNT:1.0,2.0
> Platform: winnt
> Hardware: x86 WinCE
> Issue type        : kbprb
> =======================================================================  
====
=
> =
> Copyright Microsoft Corporation 1998.>PSS ID Number: Q176047
> Article last modified on 05-29-1998
>
> WINNT:1.0,2.0
>
> winnt
>
>
> ======================================================================
> ---------------------------------------------------------------------
> The information in this article applies to:
>
> - Microsoft Windows NT Workstation version 4.0
> - Microsoft Windows NT Server version 4.0
> - Microsoft Windows CE, versions 1.0 and 2.0
> - Microsoft Proxy Server versions 1.0 and 2.0
> ---------------------------------------------------------------------
>
> SYMPTOMS
> ========
>
> When you use Microsoft Windows CE Services (or Microsoft H/PC Explorer for
> Windows CE version 1.0) in Windows NT, you may not be able to connect to a
> Handheld PC (H/PC). You may receive one of the following error messages on
> the H/PC:
>
>   Remote Service not started
>
>   Critical Services cannot be started
>
> You may also receive the following error message on the desktop computer
> running Windows NT:
>
>   Remote Service Start failed
>
> CAUSE
> =====
>
> This behavior can occur if the Transport Control Protocol/Internet
> Protocol (TCP/IP) address of the H/PC is not in the Local Address Table
> (LAT) of the WinSock Proxy server.
>
> RESOLUTION
> ==========
>
> To resolve this behavior, use the following steps:
>
> 1. On the desktop computer, start Internet Service Manager (ISM).
>
> 2. Configure WinSock Service.
>
> 3. Go to Service, Local Address Table, and add the addresses of the
>   H/PC's (by default 192.168.55.100 and 192.168.55.101).
>
> 4. Stop and Restart the WWW and WinSock Service.
>
> 5. Restart the client computer.
>
> MORE INFORMATION
> ================
>
> The H/PC Explorer communicates with the HPC through TCP. The H/PC Explorer
> installation procedure installs the Microsoft Windows NT RAS Server for
> using the serial ports and assigns it to the static IP address range
> 192.168.55.100 to 192.168.55.102. When the HPC gets docked it dials into
> the Windows NT RAS Server and gets assigned the IP address 192.168.55.101.
> Thereafter the HPC establishes a TCP connection to the H/PC Explorer for
> logon. The H/PC Explorer then establishes a TCP connection to the HPC to
> do the actual data transfer.
>
> When the WinSock Proxy Client is installed and the IP address range
> 192.168.55.100 to 192.168.55.102 is not specified in the LAT, the H/PC
> Explorer cannot establish the connection back to the HPC. Instead it sets
> up a control channel connection to the WinSock Proxy server and tries to
> reach the HPC on the Proxy Servers external network. This is how the
> WinSock Proxy works by design. To let the H/PC Explorer communicate with
> the HPC through the local RAS server just add the IP address range
> 192.168.55.100 to 192.168.55.102 to the LAT.
>
> Additional query words: handheld wince wces 2.1 prodprx2 prodprx1
> ======================================================================
> Keywords: kbenv kbnetwork
> Version: WINNT:1.0,2.0
> Platform: winnt
> Hardware: x86 WinCE
> Issue type        : kbprb
> =======================================================================  
====
=
> =
> Copyright Microsoft Corporation 1998.