From: "Karl M. Joch"
Date: Fri, 28 Sep 2001 14:59:42 +0200
To: freebsd-security@freebsd.org
Subject: Windows 2000 Server behind IPFW/NAT tries to update external DNS?
Message-ID: <3BB4743E.5080906@kmjeuro.com>

i know this is quite off-topic, but i think this could affect others too.

i have a FreeBSD IPFW/NAT box at a customer. they have a windows 2000 server in their local net running on 192.168.x.x. i have no access to this server, but the admin showed me he has not clicked the register in dns button on this server as on all workstations. before doing this all of the workstations tried to update their entry in the external dns for their domain. on the workstations this worked.
but the server still tries to update DNS1 and DNS2 for their domain (the local net is built up on theirdomain.tld). i blocked the access from this server to the dns and was surprised:

01300 35367 4838496 deny ip from 192.168.1.5 to 193.81.94.66
01400 58935 3418230 deny ip from 192.168.1.5 to 193.81.94.143

this stupid thing doesn't accept that there is no way to update and tries it endlessly. without blocking there showed up a lot of denied updates in the bind log (dns1/2 are in my server room). also if i would replace this stupid thing with samba, there is no way for it.

any idea how to get this stupid M$ thing to not try to update the DNS? i know there are things in W2K regarding active directory and DNS, but still haven't found a way.

--
Best regards,
Karl M. Joch
KMJ Consulting - CTS Consulting & Trade Service
http://www.kmjeuro.com - http://www.ctseuro.com
k.joch@kmjeuro.com - k.joch@ctseuro.com
GSM : +43-664-3407888

Our services:
http://www.proline.at - Network and security technology
http://www.eushop.net - Simply rent online shops and applications
http://www.freebsd.at - The power operating system