Archived from groups: comp.security.firewalls
Hi,
I appear to have lost DNS functionality on my W2K box. No problem to
get to a URL (e.g., 121.230.140.99), but dns does not work. A linux box
on the same oruter has no problem whatsoever. It just quit last night -
worked at 7 p.m., but not at 9:15. Did an ipconfig release then a
renew, no improvement. Rebooted, still no improvement.
Archived from groups: comp.security.firewalls
Sure. Could be a virus. Or not. More info.
-Frank
"Shneor" <shneor@my-deja.com> wrote in message
news:1124894783.469963.208660@o13g2000cwo.googlegroups.com...
> Hi,
> I appear to have lost DNS functionality on my W2K box. No problem to
> get to a URL (e.g., 121.230.140.99), but dns does not work. A linux box
> on the same oruter has no problem whatsoever. It just quit last night -
> worked at 7 p.m., but not at 9:15. Did an ipconfig release then a
> renew, no improvement. Rebooted, still no improvement.
>
> Could this be the result of a virus?
>
> Please respond here.
>
> Thx,
> Shneor
>
Archived from groups: comp.security.firewalls
"Shneor" <shneor@my-deja.com> wrote in message
news:1124894783.469963.208660@o13g2000cwo.googlegroups.com...
> Hi,
> I appear to have lost DNS functionality on my W2K box. No problem to
> get to a URL (e.g., 121.230.140.99), but dns does not work. A linux box
> on the same oruter has no problem whatsoever. It just quit last night -
> worked at 7 p.m., but not at 9:15. Did an ipconfig release then a
> renew, no improvement. Rebooted, still no improvement.
>
> Could this be the result of a virus?
>
> Please respond here.
>
> Thx,
> Shneor
>
Could be that your hosts file has been compromised. Also, you could set the
DNS settings in the box to be the IP address of the router, thus making the
router the DNS server.
Archived from groups: comp.security.firewalls
In the Usenet newsgroup comp.security.firewalls, in article
<NpCdnZCgE_5vJ5HeRVn-tQ@comcast.com>, Charles Newman wrote:
>"Shneor" <shneor@my-deja.com> wrote
>> I appear to have lost DNS functionality on my W2K box. No problem to
>> get to a URL (e.g., 121.230.140.99), but dns does not work. A linux box
>> on the same oruter has no problem whatsoever.
Archived from groups: comp.security.firewalls
Ah... there's some more info... yes, could be ZA. Make sure ZA is allowing
port 53 to be used for DNS.
-Frank
"Shneor" <shneor@my-deja.com> wrote in message
news:1124917784.879165.285920@g47g2000cwa.googlegroups.com...
> I'm wondering if it could be a Zone Alarm problem.
>
> Shneor
>
Archived from groups: comp.security.firewalls
"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrndgpkhv.3hm.ibuprofin@compton.phx.az.us...
> In the Usenet newsgroup comp.security.firewalls, in article
> <NpCdnZCgE_5vJ5HeRVn-tQ@comcast.com>, Charles Newman wrote:
>
> >"Shneor" <shneor@my-deja.com> wrote
>
> >> I appear to have lost DNS functionality on my W2K box. No problem to
> >> get to a URL (e.g., 121.230.140.99), but dns does not work. A linux box
> >> on the same oruter has no problem whatsoever.
>
> Did you miss this?
>
> > Could be your ISP's DNS server as well.
>
> Much more likely to be a windoze or DHCP problem.
Sometimes Comcast's DNS server breaks, and
when that happens, I get the same kinds of problems
as the OP. I can specify a web site by the IP number,
but not by the Web address.
Archived from groups: comp.security.firewalls
Shneor <shneor@my-deja.com> wrote:
[No DNS]
> I'm wondering if it could be a Zone Alarm problem.
Because Zonealarm is vulnerable to the SelfDoS attack, this is
possible.
To explain:
i.e. also Zonealarm blocks any communication with a host, which tries
to "attack". Just a simple TCP SYN packet for opening, say, a typical
socket some Trojan horses are using, makes Zonealarm block any
traffic with this host for the next minutes.
Even if the sender IP of this SYN cookie was spoofed to the IP of the
DNS server ;-)
Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"
Archived from groups: comp.security.firewalls
In the Usenet newsgroup comp.security.firewalls, in article
<1124917784.879165.285920@g47g2000cwa.googlegroups.com>, Shneor wrote:
>I'm wondering if it could be a Zone Alarm problem.
If the Linux box works at the same time the w2k box can't, that certainly
would be a good place to check. Depending on what your local network
configuration is (hub versus switch used to share the Internet connection),
you might be able to run '/usr/sbin/tcpdump -n' on the Linux box - watching
packets from the w2k box to the router (thence to the world). If so, do you
see DNS queries to port 53 of a valid name server? Do you see reply attempts?
The DNS would be using UDP, rather than TCP.
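One way to read the capture suggested above, as an added example that is not part of the original post: it counts UDP port 53 queries, replies and repeated queries per client in `tcpdump -n` text output. The addresses and sample lines are constructed, and the verdict strings are a rough heuristic, not a definitive diagnosis.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n udp port 53` output (all addresses made up):
# 192.168.1.20 stands in for the Linux box, 192.168.1.30 for the W2K box.
SAMPLE = """\
21:15:01.100000 IP 192.168.1.20.32770 > 192.168.1.1.53: 4101+ A? www.example.com. (33)
21:15:01.140000 IP 192.168.1.1.53 > 192.168.1.20.32770: 4101 1/0/0 A 192.0.2.10 (49)
21:15:03.200000 IP 192.168.1.30.1045 > 192.168.1.1.53: 7+ A? www.example.com. (33)
21:15:03.240000 IP 192.168.1.1.53 > 192.168.1.30.1045: 7 1/0/0 A 192.0.2.10 (49)
21:15:04.200000 IP 192.168.1.30.1045 > 192.168.1.1.53: 7+ A? www.example.com. (33)
21:15:04.240000 IP 192.168.1.1.53 > 192.168.1.30.1045: 7 1/0/0 A 192.0.2.10 (49)
"""

# timestamp, optional "IP", src.port > dst.port:, then the DNS query ID
LINE = re.compile(r"^\S+ (?:IP )?(\d+\.\d+\.\d+\.\d+)\.(\d+) > "
                  r"(\d+\.\d+\.\d+\.\d+)\.(\d+): (\d+)")
EMPTY = {"queries": 0, "replies": 0, "retries": 0}

def summarize(text):
    """Count queries, replies and repeated queries per client IP."""
    stats = defaultdict(lambda: dict(EMPTY))
    seen = set()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, sport, dst, dport, qid = m.groups()
        if dport == "53":                      # client -> name server
            key = (src, sport, dst, qid)
            stats[src]["queries"] += 1
            if key in seen:                    # same ID and port again: a retry
                stats[src]["retries"] += 1
            seen.add(key)
        elif sport == "53":                    # name server -> client
            stats[dst]["replies"] += 1
    return dict(stats)

def diagnose(stats, host):
    """Heuristic verdict for one host, based only on what the capture shows."""
    s = stats.get(host, EMPTY)
    if s["queries"] == 0:
        return "no queries seen: check resolver settings or outbound filtering"
    if s["replies"] == 0:
        return "queries unanswered: check the name server address and path"
    if s["retries"]:
        return "replies on the wire but host retries: replies may be dropped locally"
    return "ok"

if __name__ == "__main__":
    for host in ("192.168.1.20", "192.168.1.30"):
        print(host, diagnose(summarize(SAMPLE), host))
```

On a switch the Linux box will normally see only its own traffic, so an empty result for the other host may reflect the capture position rather than the host.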
Archived from groups: comp.security.firewalls
In the Usenet newsgroup comp.security.firewalls, in article
<FvadnZ2dnZ0qwiabnZ2dnT3JkN6dnZ2dRVn-y52dnZ0@comcast.com>, Charles Newman wrote:
>"Moe Trin" <ibuprofin@painkiller.example.tld> wrote
>> Charles Newman wrote:
>>>"Shneor" <shneor@my-deja.com> wrote
>>
>>>> I appear to have lost DNS functionality on my W2K box. No problem to
>>>> get to a URL (e.g., 121.230.140.99), but dns does not work. A linux box
>>>> on the same oruter has no problem whatsoever.
>>
>> Did you miss this?
One assumes you can read through typos - if you can't, I can translate that
for you. The last sentence should read
"A linux box on the same router has no problem whatsoever."
So, while the windoze box can't resolve names, another system running on
the same connection has no problem.
>>>> Could be your ISP's DNS server as well.
>>
>> Much more likely to be a windoze or DHCP problem.
Charles, it really helps if you read the posts.
> Sometimes Comcast's DNS server breaks, and
>when that happens, I get the same kinds of problems
>as the OP.
So, you believe the Comcast - a rather large cable provider with about
TWENTY FOUR MILLION IP ADDRESSES has "one" DNS server? That's a pretty
large number of eggs to put into one basket. I know that Comcast is
quite incompetent, but I doubt they are THAT st00pid. Maybe you have a
slight configuration problem, as I have no problem identifying ten
different servers, and I'm not even looking for the "customer only"
servers that you should have access to IN ADDITION TO the ones I find.
>I can specify a web site by the IP number, but not by the Web address
Maybe you should consider switching to AOL - I'm told that their software
is much easier to use, and you don't have to worry about complicated things
like IP addresses, and configuring that technical stuff.
Archived from groups: comp.security.firewalls
"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrndgs8pk.8al.ibuprofin@compton.phx.az.us...
> In the Usenet newsgroup comp.security.firewalls, in article
> <FvadnZ2dnZ0qwiabnZ2dnT3JkN6dnZ2dRVn-y52dnZ0@comcast.com>, Charles Newman wrote:
>
> >"Moe Trin" <ibuprofin@painkiller.example.tld> wrote
>
> >> Charles Newman wrote:
>
> >>>"Shneor" <shneor@my-deja.com> wrote
> >>
> >>>> I appear to have lost DNS functionality on my W2K box. No problem to
> >>>> get to a URL (e.g., 121.230.140.99), but dns does not work. A linux box
> >>>> on the same oruter has no problem whatsoever.
> >>
> >> Did you miss this?
>
> One assumes you can read through typos - if you can't, I can translate that
> for you. The last sentence should read
>
> "A linux box on the same router has no problem whatsoever."
>
> So, while the windoze box can't resolve names, another system running on
> the same connection has no problem.
>
> >>>> Could be your ISP's DNS server as well.
> >>
> >> Much more likely to be a windoze or DHCP problem.
>
> Charles, it really helps if you read the posts.
>
> > Sometimes Comcast's DNS server breaks, and
> >when that happens, I get the same kinds of problems
> >as the OP.
>
> So, you believe the Comcast - a rather large cable provider with about
> TWENTY FOUR MILLION IP ADDRESSES has "one" DNS server? That's a pretty
They have three of them, according to information
from Sam Spade, which checks various registration
databases. On rare occasion, all three DNS servers
will go down, though that has not happened in several
months.
Archived from groups: comp.security.firewalls
In the Usenet newsgroup comp.security.firewalls, in article
<HdSdnWWXTvxmfpLeRVn-3A@comcast.com>, Charles Newman wrote:
>"Moe Trin" <ibuprofin@painkiller.example.tld> wrote
>> Charles Newman wrote:
>>> Sometimes Comcast's DNS server breaks, and
>>> when that happens, I get the same kinds of problems
>>> as the OP.
>>
>> So, you believe the Comcast - a rather large cable provider with about
>> TWENTY FOUR MILLION IP ADDRESSES has "one" DNS server? That's a pretty
>
>   They have three of them, according to information
>from Sam Spade, which checks various registration
>databases.
Charles - in the section that followed the above I mentioned finding TEN,
and I'm not even trying hard. You've got to learn that toy tools provide
toy answers - incomplete ones to be sure.
>On rare occasion, all three DNS servers
>will go down, though that has not happened in several
>months.
No, that's much more likely a screwed up configuration on your firewall,
as the servers are scattered across several different netblocks that I can
see, and the names suggest they are located in Los Angeles, Denver,
Fairfax, Philadelphia, and Boston (at least).