[Dshield] W2K domain controller scans

John Hardin johnh at aproposretail.com
Tue Oct 30 17:20:50 GMT 2001


Ryan J Betz wrote:

> Lately I've been seeing my W2K DC trying to connect to what appears to be a
> reserved IP address:
> 
> Oct 30 07:28:43 gateway kernel: Packet log: output DENY eth0 PROTO=6
> 192.168.0.88:139 169.254.101.152:4841 L=48 S=0x00 I=44492 F=0x4000 T=127
> (#38)


Likely cause:

169.254.x.x is what MS uses for DHCP client that cannot connect to a 
DHCP server.

It looks like somebody fired up their computer with the network cable 
unplugged, then later plugged it in. Your routes point 169.254.x.x out 
to the Internet.

The solution is to reboot whoever's generating that IP address.


-- 
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192




More information about the list mailing list