Anonymous_User Absent Member.
Absent Member.
912 views

DA Advertisement to EXTERNAL server?

We have been running sniffs on our LAN and WAN connections trying to
determin the cause of network bottlenecks. In doing so we discovered
that our Novell server (6.5 spk5 with all patches applied) is sending
packets to an external server. Sniff capture below

"No. Time Source Destination Protocol Info
20 17.050637 servername.domain 169.254.226.117 SRVLOC DA
Advertisement
21 17.050771 servername.domain 169.254.226.117 SRVLOC DA
Advertisement
22 17.051362 servername.domain 169.254.226.117 SRVLOC DA
Advertisement"


The address 169.254.226.117 acording to a Whois search appears to be a DNS
server on the internet. Why would my server be trying to register with a
DNS server? We are not running any web services, iPrint, iFolder,
Netstorage, etc. Why would our server be going to this address and how to
I make it stop?
Labels (2)
0 Likes
5 Replies
Anonymous_User Absent Member.
Absent Member.

Re: DA Advertisement to EXTERNAL server?

On 7/19/2006 sd@bchq.com wrote:

> The address 169.254.226.117 acording to a Whois search appears to be a DNS
> server on the internet.


RFC 3330 states that block 169.254.0.0 / 16 is reserved for hosts that are
unable
to obtain an IP address via DHCP.

We may have clients on that segment that were unable to contact the DHCP server.
Those clients queried for SLP services on which your server is trying to
respond to.


--
Edison Ortiz
Novell Product Support Forum SysOp
(No Email Support, Thanks !)
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: DA Advertisement to EXTERNAL server?

Hi,

sd@bchq.com wrote:
>
> We have been running sniffs on our LAN and WAN connections trying to
> determin the cause of network bottlenecks. In doing so we discovered
> that our Novell server (6.5 spk5 with all patches applied) is sending
> packets to an external server. Sniff capture below
>
> "No. Time Source Destination Protocol Info
> 20 17.050637 servername.domain 169.254.226.117 SRVLOC DA
> Advertisement
> 21 17.050771 servername.domain 169.254.226.117 SRVLOC DA
> Advertisement
> 22 17.051362 servername.domain 169.254.226.117 SRVLOC DA
> Advertisement"
>
> The address 169.254.226.117 acording to a Whois search appears to be a DNS
> server on the internet.


No. 169.254.*.* is an address a windows workstation assigns to itself
when it's configured for DHCP; but cannot reach a DHCP server, or
doesn't get an IP from it. As SLP uses Multicast to find a DA, this is
what happens: The rogue WS with that Ip (which of course isn't really
reachable) sends a Multicast to find a DA, and as it's a Multicast that
will work. The DA now attempts to respond to the IP given in the
Multicast of the WS, and of course uses it's default route, e.g tries to
go out to the internet.

CU,
--
Massimo Rosen
Novell Support Connection Sysop
No emails please!
http://www.cfc-it.de
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: DA Advertisement to EXTERNAL server?

Thank you ... this actually makes almost perfect sense. DHCP is not
running on a Novell box and has been known to have issues in our
environment (must be a MS thing). My one question is how would the
workstation connect to our Novell server if it does not have a valid IP?
Or is the Novell server simply recieving the broadcast request for a DHCP
address and attempting to pass it along?
>
> No. 169.254.*.* is an address a windows workstation assigns to itself
> when it's configured for DHCP; but cannot reach a DHCP server, or
> doesn't get an IP from it. As SLP uses Multicast to find a DA, this is
> what happens: The rogue WS with that Ip (which of course isn't really
> reachable) sends a Multicast to find a DA, and as it's a Multicast that
> will work. The DA now attempts to respond to the IP given in the
> Multicast of the WS, and of course uses it's default route, e.g tries to
> go out to the internet.
>
> CU,
> --
> Massimo Rosen
> Novell Support Connection Sysop
> No emails please!
> http://www.cfc-it.de


0 Likes
Highlighted
Anonymous_User Absent Member.
Absent Member.

Re: DA Advertisement to EXTERNAL server?

Hi,

sd@bchq.com wrote:
>
> Thank you ... this actually makes almost perfect sense. DHCP is not
> running on a Novell box and has been known to have issues in our
> environment (must be a MS thing). My one question is how would the
> workstation connect to our Novell server if it does not have a valid IP?


Multicasts, just like Broadcasts, don't need a valid sender IP to reach
the destination.

> Or is the Novell server simply recieving the broadcast request for a DHCP
> address and attempting to pass it along?


This has nothing to do with DHCP directly. This is SLP traffic, which
uses Multicasts. But the idea behind it it similar.

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: DA Advertisement to EXTERNAL server?

On 7/19/2006 sd@bchq.com wrote:

> My one question is how would the
> workstation connect to our Novell server if it does not have a valid IP?
> Or is the Novell server simply recieving the broadcast request for a DHCP
> address and attempting to pass it along?


The workstation is not connecting to the server. The workstation joined the
SLP Multicast group (224.0.1.22) and the server is simply servicing every
single device on that group looking for NetWare services with an unicast reply.


--
Edison Ortiz
Novell Product Support Forum SysOp
(No Email Support, Thanks !)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.