routing issue

Brian E

I have an issue with a few servers, the few I have found so far, that are basically learning routes dynamically.
Background:
CompanyA sits in an outsourced data center that uses their IP addressing scheme in order to function across all of their sites. Outsourcing company sits behind firewalls that allow specific access into companyA's network in order to provide support to these systems. The normal routing is local systems have d-gway that points to companyA's routers in order to route, no special tables or routes are needed on local machines, core routers handle it all.
This has been like this for 2 years, no issues.
Suddenly I am seeing some 2000 servers that are adding routes to the local routing tables dynamically and they are causing problems. If you delete one of these routes it will come back within seconds or minutes.
None of the systems in question are running routing protocols, the routing remote access service is disabled.

My question is how in the world do 2000 servers dynamically learn routes without running a routing protocol?
Before anyone asks there is no scheduled task doing this and it is not user defined.
Any help is appreciated.
 
Mohammad-Ali

Hi Brian,
Are you sure that you are not under a DoS attack? Adversaries may run arbitrary code on your servers using a buffer overflow within your system. Check if you have your Windows fully patched. Or maybe you need to investigate if another service is compromised to do that. 2 years is a long time for a hacker to breach into Win2K; make sure that you don't have any unnecessary service running on your server. I usually stop Server if I don't need it :)

I hope that helps.

Kind Regards,
Mohammad-Ali

