Multiple foreign domains within 'My network places'

Discussion in 'Computer Support' started by test2005@bgop.org.uk, May 23, 2006.

  1. Guest

    We have a bit of a weird problem. We have a Windows 2000 based domain
    with W2k and XP clients. Over the last few days, I have noticed in 'my
    network places' that there are 6 other domains listed that are nothing
    to do with us. These domains are not accessible and error message
    stating this comes up when you double click on them. However, this is
    confusing to users and is potentially a security breach. I have no idea
    of how to start troubleshooting this. Any suggestions anyone? Has
    anyone seen this before?

    Thanks.
     
    , May 23, 2006
    #1
    1. Advertising

  2. why? Guest

    4 group x-post trimmed to 24hshd from
    microsoft.public.win2000.networking,24hoursupport.helpdesk,
    microsoft.public.win2000.general,microsoft.public.windowsxp.general

    On 23 May 2006 04:22:59 -0700, wrote:

    >
    >We have a bit of a weird problem. We have a Windows 2000 based domain
    >with W2k and XP clients. Over the last few days, I have noticed in 'my
    >network places' that there are 6 other domains listed that are nothing

    <snip>
    >confusing to users and is potentially a security breach. I have no idea
    >of how to start troubleshooting this. Any suggestions anyone? Has
    >anyone seen this before?


    Packet sniffer, look for the domain announcement messages.

    Seen this before, could tell at work when MSHOME workgroup started
    appearing, people using home laptops on works network to download.
    As you say a security breach.


    Me
     
    why?, May 23, 2006
    #2
    1. Advertising

  3. Guest

    Thanks so much for the advice. Although I am MCSE, I dont really do
    much outside maintaining servers and find much of this network stuff
    quite baffling. I think you are definitely along the right lines here.
    I am watching the fort while the infrastructure manager is away.
    However, I believe before he went he did some fiddling on the network
    which involved a DSL line and a wireless router being connected to a
    switch that itself is connected to the network. I do not want to
    interfere with his work while he is away, but I am concerned by this. I
    do not understand though how a DSL connection to the main network would
    cause just 6 specific domains to appear - if the network is connected
    to the internet, you might think that thousands might appear. Any
    thoughts?

    In answer to Todd questions: Ethernet; not really but my (absent) boss
    might; yes; we connect to an outside company via VPNS as our New Media
    team have externally hosted servers - however the problem with other
    domains happened only a few days ago, and we have had the VPN for
    years;and yes I disconnected the Wireless router and the dsl line but
    there was no change.

    I also tried running Ethereal like the other guy kindly suggested, but
    my network troubleshooting knowledge is sadly lacking to interpret the
    data.

    Thanks again for everyone who offered advice.
     
    , May 25, 2006
    #3
  4. why? Guest

    x-post trimmed to 24HSHD from
    microsoft.public.win2000.networking,24hoursupport.helpdesk,
    microsoft.public.win2000.general,microsoft.public.windowsxp.general

    On 25 May 2006 07:10:42 -0700, wrote:

    >Thanks so much for the advice. Although I am MCSE, I dont really do
    >much outside maintaining servers and find much of this network stuff
    >quite baffling. I think you are definitely along the right lines here.

    <snip>

    >In answer to Todd questions: Ethernet; not really but my (absent) boss


    Which replies? You x-posted to several groups and didn't set a follow-up
    to make the replies go to 1 specific group. This means having to check
    every group, oddly enough I don't subscribe to the others. Oh right you
    said you are an MCSE.


    >I also tried running Ethereal like the other guy kindly suggested, but
    >my network troubleshooting knowledge is sadly lacking to interpret the


    Traffic on port 137-139,445, the usual suspects.
    http://www.petri.co.il/what's_port_445_in_w2k_xp_2003.htm

    >data.


    You are looking for NBNS and SMB traffic, should be in the MCSE stuff
    somewhere about Wins and NetBIOS, Host / Browser list announcements.

    >Thanks again for everyone who offered advice.


    Me
     
    why?, May 25, 2006
    #4
  5. Someuser Guest

    You may have a bigger problem than you think since this could be caused by
    unauthorized users using your wireless router if the setup was not secured
    by WEP or WAP. I assume you have access to a laptop with a wireless card, if
    you are running XP, view wireless networks and see if yours comes up
    unsecured, if it does secure it immediately or unplug it immediately from
    your network otherwise your whole network security could be comprimised.

    If your wireless router maintains a list of connected devices, verify if any
    such connections do not belong to your organization. Now depending on your
    dhcp server, you may also examine it to see if there any unknown machines
    names or MAC addresses are registered. Same goes for your wins server if you
    are using one.

    Personally, I feel that wireless routers in an organization should be
    contained within a separate dmz, just in case of a security breach. You
    could allow restricted acces to the internet but require a vpn connection to
    connect to the lan.

    James
     
    Someuser, May 27, 2006
    #5
  6. Guest

    Hi. Thanks a lot for this, but I have since found out what happened.
    The company hosting our external servers had screwed up by plugging us
    on the same switch as other companies' domains, without isolating us on
    a VLAN. They have now sorted it now. Thanks again to everyone who
    offered advice.

    Someuser wrote:
    > You may have a bigger problem than you think since this could be caused by
    > unauthorized users using your wireless router if the setup was not secured
    > by WEP or WAP. I assume you have access to a laptop with a wireless card, if
    > you are running XP, view wireless networks and see if yours comes up
    > unsecured, if it does secure it immediately or unplug it immediately from
    > your network otherwise your whole network security could be comprimised.
    >
    > If your wireless router maintains a list of connected devices, verify if any
    > such connections do not belong to your organization. Now depending on your
    > dhcp server, you may also examine it to see if there any unknown machines
    > names or MAC addresses are registered. Same goes for your wins server if you
    > are using one.
    >
    > Personally, I feel that wireless routers in an organization should be
    > contained within a separate dmz, just in case of a security breach. You
    > could allow restricted acces to the internet but require a vpn connection to
    > connect to the lan.
    >
    > James
     
    , May 31, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rush

    My Network Places | Entire Network ??

    Rush, Sep 21, 2004, in forum: Wireless Networking
    Replies:
    0
    Views:
    1,804
  2. =?Utf-8?B?TGFuZU5lbQ==?=

    Wireless network not appearing in "My Network Places"

    =?Utf-8?B?TGFuZU5lbQ==?=, Dec 16, 2004, in forum: Wireless Networking
    Replies:
    4
    Views:
    7,452
  3. bosoxny
    Replies:
    1
    Views:
    1,174
    Barb Bowman
    Jan 20, 2008
  4. pez
    Replies:
    1
    Views:
    1,515
    Dragon Without Wings
    Mar 15, 2008
  5. Larry

    exchange, multiple domains

    Larry, Jul 24, 2006, in forum: MCSA
    Replies:
    1
    Views:
    322
    Maxim M. Kazachek
    Aug 3, 2006
Loading...

Share This Page