Xen users - Sep 2009 - latest GPLPV drivers 0.10.0.86 and microsoft.com

Hi,

 

Can anyone ping www.microsoft.com  running those drivers on windows 2003
R2 SP2 ?

 

We can ping all other sites but this one, its very strange.

 

Thanks

 

Ian

 

 



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Can you ping it with any other hosts that are not VMs?

Quoting Ian Tobin <itobin@tidyhosts.com>:
> Hi,
>
>
>
> Can anyone ping www.microsoft.com  running those drivers on windows 2003
> R2 SP2 ?
>
>
>
> We can ping all other sites but this one, its very strange.
>
>
>
> Thanks
>
>
>
> Ian
>
>
>
>
>
>




_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

> 
> Can anyone ping www.microsoft.com  running those drivers on windows
2003 R2
> SP2 ?
> 
> We can ping all other sites but this one, its very strange.
> 
I''m not sure that www.microsoft.com is pingable anyway.

If you are using http and still having problems, try and turn off
checksum offload

James

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi,

Its not pingale as they have it turned off but it doesn''t even resolve
the hostname so you can''t get on the website.  DNS is fine, ive
testeded
that on another physical machine and can resolv and get ont the website
fine.

How do i disable the checksum?

Thanks

Ian


-----Original Message-----
From: James Harper [mailto:james.harper@bendigoit.com.au] 
Sent: 04 September 2009 03:11
To: Ian Tobin; xen-users@lists.xensource.com
Subject: RE: [Xen-users] latest GPLPV drivers 0.10.0.86 and
microsoft.com
> 
> Can anyone ping www.microsoft.com  running those drivers on windows
2003 R2
> SP2 ?
> 
> We can ping all other sites but this one, its very strange.
> 
I''m not sure that www.microsoft.com is pingable anyway.

If you are using http and still having problems, try and turn off
checksum offload

James



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

In the advanced properties of the Xen ethernet adapter.


Nerijus


On Fri, Sep 4, 2009 at 10:58 AM, Ian Tobin <itobin@tidyhosts.com> wrote:
> Hi,
>
> Its not pingale as they have it turned off but it doesn''t even
resolve
> the hostname so you can''t get on the website.  DNS is fine, ive
testeded
> that on another physical machine and can resolv and get ont the website
> fine.
>
> How do i disable the checksum?
>
> Thanks
>
> Ian
>
>
> -----Original Message-----
> From: James Harper [mailto:james.harper@bendigoit.com.au]
> Sent: 04 September 2009 03:11
> To: Ian Tobin; xen-users@lists.xensource.com
> Subject: RE: [Xen-users] latest GPLPV drivers 0.10.0.86 and
> microsoft.com
>
> >
> > Can anyone ping www.microsoft.com  running those drivers on windows
> 2003 R2
> > SP2 ?
> >
> > We can ping all other sites but this one, its very strange.
> >
>
> I''m not sure that www.microsoft.com is pingable anyway.
>
> If you are using http and still having problems, try and turn off
> checksum offload
>
> James
>
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Tried the checksum but had no effect.

Its really strange,  some people have said lower the MTU but you can''t
lower it anything less than 1500

Thanks

Ian


-----Original Message-----
From: James Harper [mailto:james.harper@bendigoit.com.au] 
Sent: 04 September 2009 03:11
To: Ian Tobin; xen-users@lists.xensource.com
Subject: RE: [Xen-users] latest GPLPV drivers 0.10.0.86 and
microsoft.com
> 
> Can anyone ping www.microsoft.com  running those drivers on windows
2003 R2
> SP2 ?
> 
> We can ping all other sites but this one, its very strange.
> 
I''m not sure that www.microsoft.com is pingable anyway.

If you are using http and still having problems, try and turn off
checksum offload

James



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Fri, Sep 4, 2009 at 2:58 PM, Ian Tobin<itobin@tidyhosts.com>
wrote:
> Hi,
>
> Its not pingale as they have it turned off but it doesn''t even
resolve
> the hostname so you can''t get on the website.  DNS is fine, ive
testeded
> that on another physical machine and can resolv and get ont the website
> fine.
Is this problem specific to your WIndows domU AND microsoft.com?

Generally speaking, if that domU can resolv other domains just fine,
then most likely the problem is with DNS, either your server or
microsoft. Try nslookup from your domU and another physical host on
your system, on the same network, using the same DNS server.
Also try nslookup on other domains.

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Nslookup works fine, DNS works fine, im using the same DNS on another DomU and
that works ok.  When attempting to ping there isn''t even a delay while
it tries to resolve it.

No spyware, its a fresh DomU. 

I am building another one without any config to see if that works

Thanks

Ian


-----Original Message-----
From: Fajar A. Nugraha [mailto:fajar@fajar.net] 
Sent: 04 September 2009 12:26
To: Ian Tobin
Cc: xen-users@lists.xensource.com
Subject: Re: [Xen-users] latest GPLPV drivers 0.10.0.86 and microsoft.com

On Fri, Sep 4, 2009 at 2:58 PM, Ian Tobin<itobin@tidyhosts.com>
wrote:
> Hi,
>
> Its not pingale as they have it turned off but it doesn''t even
resolve
> the hostname so you can''t get on the website.  DNS is fine, ive
testeded
> that on another physical machine and can resolv and get ont the website
> fine.
Is this problem specific to your WIndows domU AND microsoft.com?

Generally speaking, if that domU can resolv other domains just fine,
then most likely the problem is with DNS, either your server or
microsoft. Try nslookup from your domU and another physical host on
your system, on the same network, using the same DNS server.
Also try nslookup on other domains.

-- 
Fajar



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Fri, Sep 4, 2009 at 6:40 PM, Ian Tobin<itobin@tidyhosts.com>
wrote:
> Nslookup works fine, DNS works fine, im using the same DNS on another DomU
and that works ok.  When attempting to ping there isn''t even a delay
while it tries to resolve it.
>
So let me get this straight. DNS works fine, on domU and pyhiscal
servers. You just can''t ping microsoft.com?

If that''s the case then it''s supposed to be that way.
microsoft.com is
blocking pings. Try pinging from a physical machine and you should get
the same result.

Now if you CAN do "nslookup microsoft.com" but you can''t
access it
from browser, then it''s browser/OS issue. Perhaps misconfigured proxy?
Malware? entry on c:\windows\system32\drivers\etc\hosts?

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

> 
> On Fri, Sep 4, 2009 at 6:40 PM, Ian Tobin<itobin@tidyhosts.com>
wrote:
> > Nslookup works fine, DNS works fine, im using the same DNS on another
DomU
> and that works ok.  When attempting to ping there isn''t even a
delay while it
> tries to resolve it.
> >
> 
> So let me get this straight. DNS works fine, on domU and pyhiscal
> servers. You just can''t ping microsoft.com?
> 
> If that''s the case then it''s supposed to be that way.
microsoft.com is
> blocking pings. Try pinging from a physical machine and you should get
> the same result.
> 
> Now if you CAN do "nslookup microsoft.com" but you can''t
access it
> from browser, then it''s browser/OS issue. Perhaps misconfigured
proxy?
> Malware? entry on c:\windows\system32\drivers\etc\hosts?
> 
Unless it works on the same machine without GPLPV (eg boot with /NOGPLPV in
boot.ini) but doesn''t work with GPLPV...

James

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi,

I realise you can''t ping Microsoft.com, but the problem is it just
doesn''t even resolve the IP address.  Its any Microsoft.com websites.

Theres no malware as its a fresh build.  I have just finished creating the new
image and now it can ping but i have not installed anything yet so ill do it
once step at a time.

Just for your info its 2 seperate DomUs having this problem maintained by
different people so unlikely a config problem.

Ill let you know.  

Oh and tried disabling the PV drivers but had  no effect

Thanks

Ian



-----Original Message-----
From: James Harper [mailto:james.harper@bendigoit.com.au] 
Sent: 04 September 2009 13:10
To: Fajar A. Nugraha; Ian Tobin
Cc: xen-users@lists.xensource.com
Subject: RE: [Xen-users] latest GPLPV drivers 0.10.0.86 and microsoft.com
> 
> On Fri, Sep 4, 2009 at 6:40 PM, Ian Tobin<itobin@tidyhosts.com>
wrote:
> > Nslookup works fine, DNS works fine, im using the same DNS on another
DomU
> and that works ok.  When attempting to ping there isn''t even a
delay while it
> tries to resolve it.
> >
> 
> So let me get this straight. DNS works fine, on domU and pyhiscal
> servers. You just can''t ping microsoft.com?
> 
> If that''s the case then it''s supposed to be that way.
microsoft.com is
> blocking pings. Try pinging from a physical machine and you should get
> the same result.
> 
> Now if you CAN do "nslookup microsoft.com" but you can''t
access it
> from browser, then it''s browser/OS issue. Perhaps misconfigured
proxy?
> Malware? entry on c:\windows\system32\drivers\etc\hosts?
> 
Unless it works on the same machine without GPLPV (eg boot with /NOGPLPV in
boot.ini) but doesn''t work with GPLPV...

James



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Fri, Sep 4, 2009 at 7:21 PM, Ian Tobin<itobin@tidyhosts.com>
wrote:
> Hi,
>
> I realise you can''t ping Microsoft.com, but the problem is it just
doesn''t even resolve the IP address.  Its any Microsoft.com websites.
AF, OK, so we''re getting close. Previously you said DNS is fine :D

Can you run this on the PV domU AND a physical machine on the same
network, and paste the results :
- nslookup www.microsoft.com
- ping www.microsoft.com
- the error message when you try to access www.microsoft.com

Also if possible, try setting up Bind
(https://www.isc.org/software/bind), and run "dig +trace
microsoft.com". It should print the DNS query path. Here''s the
result
from my PC:

$ dig +trace microsoft.com

; <<>> DiG 9.5.1-P2 <<>> +trace microsoft.com
;; global options:  printcmd
.			4190	IN	NS	I.ROOT-SERVERS.NET.
.			4190	IN	NS	J.ROOT-SERVERS.NET.
.			4190	IN	NS	K.ROOT-SERVERS.NET.
.			4190	IN	NS	L.ROOT-SERVERS.NET.
.			4190	IN	NS	M.ROOT-SERVERS.NET.
.			4190	IN	NS	A.ROOT-SERVERS.NET.
.			4190	IN	NS	B.ROOT-SERVERS.NET.
.			4190	IN	NS	C.ROOT-SERVERS.NET.
.			4190	IN	NS	D.ROOT-SERVERS.NET.
.			4190	IN	NS	E.ROOT-SERVERS.NET.
.			4190	IN	NS	F.ROOT-SERVERS.NET.
.			4190	IN	NS	G.ROOT-SERVERS.NET.
.			4190	IN	NS	H.ROOT-SERVERS.NET.
;; Received 448 bytes from 192.168.17.15#53(192.168.17.15) in 21 ms

com.			172800	IN	NS	F.GTLD-SERVERS.NET.
com.			172800	IN	NS	G.GTLD-SERVERS.NET.
com.			172800	IN	NS	H.GTLD-SERVERS.NET.
com.			172800	IN	NS	J.GTLD-SERVERS.NET.
com.			172800	IN	NS	C.GTLD-SERVERS.NET.
com.			172800	IN	NS	D.GTLD-SERVERS.NET.
com.			172800	IN	NS	M.GTLD-SERVERS.NET.
com.			172800	IN	NS	A.GTLD-SERVERS.NET.
com.			172800	IN	NS	K.GTLD-SERVERS.NET.
com.			172800	IN	NS	E.GTLD-SERVERS.NET.
com.			172800	IN	NS	L.GTLD-SERVERS.NET.
com.			172800	IN	NS	I.GTLD-SERVERS.NET.
com.			172800	IN	NS	B.GTLD-SERVERS.NET.
;; Received 491 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 101 ms

microsoft.com.		172800	IN	NS	ns1.msft.net.
microsoft.com.		172800	IN	NS	ns2.msft.net.
microsoft.com.		172800	IN	NS	ns3.msft.net.
microsoft.com.		172800	IN	NS	ns4.msft.net.
microsoft.com.		172800	IN	NS	ns5.msft.net.
;; Received 209 bytes from 192.48.79.30#53(J.GTLD-SERVERS.NET) in 227 ms

microsoft.com.		3600	IN	A	207.46.232.182
microsoft.com.		3600	IN	A	207.46.197.32
;; Received 63 bytes from 64.4.59.173#53(ns2.msft.net) in 208 ms


Probably you''re having network problems connecting to ns*.msft.net?
>
> Theres no malware as its a fresh build.  I have just finished creating the
new image and now it can ping but i have not installed anything yet so ill do it
once step at a time.
>
> Just for your info its 2 seperate DomUs having this problem maintained by
different people so unlikely a config problem.
>
> Ill let you know.
>
> Oh and tried disabling the PV drivers but had  no effect
That pretty much ruled out PV driver problem.

If ALL DNS lookup fails, I''d say it''s probably network issue.
But
since it''s only microsoft.com, I''m suspecting problem with
your
existing DNS server or connection to MS'' name server.

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi,

Ok here is the results

-----------------------------------------------------------------------------

C:\Documents and Settings\support>nslookup www.microsoft.com
Server:  ns1.externalresolver.rapidswitch.com
Address:  87.117.198.200

Non-authoritative answer:
Name:    lb1.www.ms.akadns.net
Address:  64.4.31.252
Aliases:  www.microsoft.com, toggle.www.ms.akadns.net
          g.www.ms.akadns.net


C:\Documents and Settings\support>

---------------------------------------------------------------------------------




-----------------------------------------------------------------------------------

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\support>ping www.microsoft.com
Ping request could not find host www.microsoft.com. Please check the name and
try again.

C:\Documents and Settings\support>

--------------------------------------------------------------------------------------



--------------------------------------------------------------------------------------

The page cannot be displayed 
The page you are looking for is currently unavailable. The Web site might be
experiencing technical difficulties, or you may need to adjust your browser
settings.


Please try the following:

Click the  Refresh button, or try again later.

If you typed the page address in the Address bar, make sure that it is spelled
correctly.

To check your connection settings, click the Tools menu, and then click Internet
Options. On the Connections tab, click Settings. The settings should match those
provided by your local area network (LAN) administrator or Internet service
provider (ISP).
See if your Internet connection settings are being detected. You can set
Microsoft Windows to examine your network and automatically discover network
connection settings (if your network administrator has enabled this setting).
Click the Tools menu, and then click Internet Options. 
On the Connections tab, click LAN Settings. 
Select Automatically detect settings, and then click OK. 
Some sites require 128-bit connection security. Click the Help menu and then
click About Internet Explorer to determine what strength security you have
installed.
If you are trying to reach a secure site, make sure your Security settings can
support it. Click the Tools menu, and then click Internet Options. On the
Advanced tab, scroll to the Security section and check settings for SSL 2.0, SSL
3.0, TLS 1.0, PCT 1.0.
Click the  Back button to try another link. 



Cannot find server or DNS Error
Internet Explorer  

----------------------------------------------------------------------------


I haven''t done the bond, can it be run on windows?

Thanks

Ian



-----Original Message-----
From: Fajar A. Nugraha [mailto:fajar@fajar.net] 
Sent: 04 September 2009 13:46
To: Ian Tobin
Cc: xen-users@lists.xensource.com
Subject: Re: [Xen-users] latest GPLPV drivers 0.10.0.86 and microsoft.com

On Fri, Sep 4, 2009 at 7:21 PM, Ian Tobin<itobin@tidyhosts.com>
wrote:
> Hi,
>
> I realise you can''t ping Microsoft.com, but the problem is it just
doesn''t even resolve the IP address.  Its any Microsoft.com websites.
AF, OK, so we''re getting close. Previously you said DNS is fine :D

Can you run this on the PV domU AND a physical machine on the same
network, and paste the results :
- nslookup www.microsoft.com
- ping www.microsoft.com
- the error message when you try to access www.microsoft.com

Also if possible, try setting up Bind
(https://www.isc.org/software/bind), and run "dig +trace
microsoft.com". It should print the DNS query path. Here''s the
result
from my PC:

$ dig +trace microsoft.com

; <<>> DiG 9.5.1-P2 <<>> +trace microsoft.com
;; global options:  printcmd
.			4190	IN	NS	I.ROOT-SERVERS.NET.
.			4190	IN	NS	J.ROOT-SERVERS.NET.
.			4190	IN	NS	K.ROOT-SERVERS.NET.
.			4190	IN	NS	L.ROOT-SERVERS.NET.
.			4190	IN	NS	M.ROOT-SERVERS.NET.
.			4190	IN	NS	A.ROOT-SERVERS.NET.
.			4190	IN	NS	B.ROOT-SERVERS.NET.
.			4190	IN	NS	C.ROOT-SERVERS.NET.
.			4190	IN	NS	D.ROOT-SERVERS.NET.
.			4190	IN	NS	E.ROOT-SERVERS.NET.
.			4190	IN	NS	F.ROOT-SERVERS.NET.
.			4190	IN	NS	G.ROOT-SERVERS.NET.
.			4190	IN	NS	H.ROOT-SERVERS.NET.
;; Received 448 bytes from 192.168.17.15#53(192.168.17.15) in 21 ms

com.			172800	IN	NS	F.GTLD-SERVERS.NET.
com.			172800	IN	NS	G.GTLD-SERVERS.NET.
com.			172800	IN	NS	H.GTLD-SERVERS.NET.
com.			172800	IN	NS	J.GTLD-SERVERS.NET.
com.			172800	IN	NS	C.GTLD-SERVERS.NET.
com.			172800	IN	NS	D.GTLD-SERVERS.NET.
com.			172800	IN	NS	M.GTLD-SERVERS.NET.
com.			172800	IN	NS	A.GTLD-SERVERS.NET.
com.			172800	IN	NS	K.GTLD-SERVERS.NET.
com.			172800	IN	NS	E.GTLD-SERVERS.NET.
com.			172800	IN	NS	L.GTLD-SERVERS.NET.
com.			172800	IN	NS	I.GTLD-SERVERS.NET.
com.			172800	IN	NS	B.GTLD-SERVERS.NET.
;; Received 491 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 101 ms

microsoft.com.		172800	IN	NS	ns1.msft.net.
microsoft.com.		172800	IN	NS	ns2.msft.net.
microsoft.com.		172800	IN	NS	ns3.msft.net.
microsoft.com.		172800	IN	NS	ns4.msft.net.
microsoft.com.		172800	IN	NS	ns5.msft.net.
;; Received 209 bytes from 192.48.79.30#53(J.GTLD-SERVERS.NET) in 227 ms

microsoft.com.		3600	IN	A	207.46.232.182
microsoft.com.		3600	IN	A	207.46.197.32
;; Received 63 bytes from 64.4.59.173#53(ns2.msft.net) in 208 ms


Probably you''re having network problems connecting to ns*.msft.net?
>
> Theres no malware as its a fresh build.  I have just finished creating the
new image and now it can ping but i have not installed anything yet so ill do it
once step at a time.
>
> Just for your info its 2 seperate DomUs having this problem maintained by
different people so unlikely a config problem.
>
> Ill let you know.
>
> Oh and tried disabling the PV drivers but had  no effect
That pretty much ruled out PV driver problem.

If ALL DNS lookup fails, I''d say it''s probably network issue.
But
since it''s only microsoft.com, I''m suspecting problem with
your
existing DNS server or connection to MS'' name server.

-- 
Fajar



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Fri, Sep 4, 2009 at 9:04 PM, Ian Tobin<itobin@tidyhosts.com>
wrote:
> Hi,
>
> Ok here is the results
>
>
-----------------------------------------------------------------------------
>
> C:\Documents and Settings\support>nslookup www.microsoft.com
> Server:  ns1.externalresolver.rapidswitch.com
> Address:  87.117.198.200
>
> Non-authoritative answer:
> Name:    lb1.www.ms.akadns.net
> Address:  64.4.31.252
> Aliases:  www.microsoft.com, toggle.www.ms.akadns.net
>          g.www.ms.akadns.net
>
>
> C:\Documents and Settings\support>
>
>
---------------------------------------------------------------------------------
>
>
>
>
>
-----------------------------------------------------------------------------------
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\support>ping www.microsoft.com
> Ping request could not find host www.microsoft.com. Please check the name
and try again.
Okay, so nslookup CAN find the host (64.4.31.252) but ping CAN NOT
find the host. The only time I have seen something like this is on
malware-infected servers.

Either way, it''s not Xen issue anymore. Xen''s networking can
pass UDP
DNS traffic just fine (nslookup got the correct result). You might
have better luck asking MS guys why nslookup can succeed while ping
can''t find the host, and how to fix the problem.

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

> >
> > Microsoft Windows [Version 5.2.3790]
> > (C) Copyright 1985-2003 Microsoft Corp.
> >
> > C:\Documents and Settings\support>ping www.microsoft.com
> > Ping request could not find host www.microsoft.com. Please check the
name
> and try again.
> 
> Okay, so nslookup CAN find the host (64.4.31.252) but ping CAN NOT
> find the host. The only time I have seen something like this is on
> malware-infected servers.
> 
> Either way, it''s not Xen issue anymore. Xen''s networking
can pass UDP
> DNS traffic just fine (nslookup got the correct result). You might
> have better luck asking MS guys why nslookup can succeed while ping
> can''t find the host, and how to fix the problem.
> 
Not so fast there... I think nslookup will still default to searching
for an A record, but I''m pretty sure that ping will first look for an
AAAA record under Vista and above.

Try doing ''ping -4 www.microsoft.com'' and see if that makes a
difference. I certainly get ''Ping request could not find host
www.microsoft.com. Please check the name and try again.'' When I try
ping
-6, although the default behaviour _should- be to try ipv6 and then fall
back to ipv4...

If that works, and you really don''t use ipv6 for all, disable it as a
protocol on the network adapter. Maybe you already did this before but
then installed gplpv which installs a new adapter and has ipv6 enabled
again? Or maybe you want to use ipv6 and for some reason it doesn''t
work
with gplpv... I haven''t tested that very much.

James


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi,

I appreciate what your saying and I agree its not a specific gplpv issue (sorry
for thinking it was) but it can''t be a malware problem as i built the
new image (twice) from scratch (CD mounted) and has had the same problem. It
worked until i enabled remote desktop and rebooted, probably coincidence but im
lost.

In my 20 years of windows admin ive never seen this issue before so its a new
one on me.

Thanks for your advice though, its been of great help, keep up the great
support!  I just hope i can find a resolution that may help others who may face
the same issue.

Ian


-----Original Message-----
From: Fajar A. Nugraha [mailto:fajar@fajar.net] 
Sent: 04 September 2009 15:53
To: Ian Tobin
Cc: xen-users@lists.xensource.com
Subject: Re: [Xen-users] latest GPLPV drivers 0.10.0.86 and microsoft.com

On Fri, Sep 4, 2009 at 9:04 PM, Ian Tobin<itobin@tidyhosts.com>
wrote:
> Hi,
>
> Ok here is the results
>
>
-----------------------------------------------------------------------------
>
> C:\Documents and Settings\support>nslookup www.microsoft.com
> Server:  ns1.externalresolver.rapidswitch.com
> Address:  87.117.198.200
>
> Non-authoritative answer:
> Name:    lb1.www.ms.akadns.net
> Address:  64.4.31.252
> Aliases:  www.microsoft.com, toggle.www.ms.akadns.net
>          g.www.ms.akadns.net
>
>
> C:\Documents and Settings\support>
>
>
---------------------------------------------------------------------------------
>
>
>
>
>
-----------------------------------------------------------------------------------
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\support>ping www.microsoft.com
> Ping request could not find host www.microsoft.com. Please check the name
and try again.
Okay, so nslookup CAN find the host (64.4.31.252) but ping CAN NOT
find the host. The only time I have seen something like this is on
malware-infected servers.

Either way, it''s not Xen issue anymore. Xen''s networking can
pass UDP
DNS traffic just fine (nslookup got the correct result). You might
have better luck asking MS guys why nslookup can succeed while ping
can''t find the host, and how to fix the problem.

-- 
Fajar



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Sorry, didn''t see this reply before i replied, ill check that and reply
with the response. Again i appreciate all your advices and effort

Ian



-----Original Message-----
From: James Harper [mailto:james.harper@bendigoit.com.au] 
Sent: 05 September 2009 01:55
To: Fajar A. Nugraha; Ian Tobin
Cc: xen-users@lists.xensource.com
Subject: RE: [Xen-users] latest GPLPV drivers 0.10.0.86 and
microsoft.com
> >
> > Microsoft Windows [Version 5.2.3790]
> > (C) Copyright 1985-2003 Microsoft Corp.
> >
> > C:\Documents and Settings\support>ping www.microsoft.com
> > Ping request could not find host www.microsoft.com. Please check the
name
> and try again.
> 
> Okay, so nslookup CAN find the host (64.4.31.252) but ping CAN NOT
> find the host. The only time I have seen something like this is on
> malware-infected servers.
> 
> Either way, it''s not Xen issue anymore. Xen''s networking
can pass UDP
> DNS traffic just fine (nslookup got the correct result). You might
> have better luck asking MS guys why nslookup can succeed while ping
> can''t find the host, and how to fix the problem.
> 
Not so fast there... I think nslookup will still default to searching
for an A record, but I''m pretty sure that ping will first look for an
AAAA record under Vista and above.

Try doing ''ping -4 www.microsoft.com'' and see if that makes a
difference. I certainly get ''Ping request could not find host
www.microsoft.com. Please check the name and try again.'' When I try
ping
-6, although the default behaviour _should- be to try ipv6 and then fall
back to ipv4...

If that works, and you really don''t use ipv6 for all, disable it as a
protocol on the network adapter. Maybe you already did this before but
then installed gplpv which installs a new adapter and has ipv6 enabled
again? Or maybe you want to use ipv6 and for some reason it doesn''t
work
with gplpv... I haven''t tested that very much.

James




_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

In the end this turned out to be some worm getting onto the VPS before
we had chance to enable the firewall so now we are building the images
offline, enabling the firewall and putting them on the net.

Very strange how quickly it got infected but lessons learned.

Big thanks for James and Fajar for the advice.

On another note we cant put a perimeter firewall in place as the servers
are on the internet in the datacenter.

Thanks again

Ian

-----Original Message-----
From: James Harper [mailto:james.harper@bendigoit.com.au] 
Sent: 05 September 2009 01:55
To: Fajar A. Nugraha; Ian Tobin
Cc: xen-users@lists.xensource.com
Subject: RE: [Xen-users] latest GPLPV drivers 0.10.0.86 and
microsoft.com
> >
> > Microsoft Windows [Version 5.2.3790]
> > (C) Copyright 1985-2003 Microsoft Corp.
> >
> > C:\Documents and Settings\support>ping www.microsoft.com
> > Ping request could not find host www.microsoft.com. Please check the
name
> and try again.
> 
> Okay, so nslookup CAN find the host (64.4.31.252) but ping CAN NOT
> find the host. The only time I have seen something like this is on
> malware-infected servers.
> 
> Either way, it''s not Xen issue anymore. Xen''s networking
can pass UDP
> DNS traffic just fine (nslookup got the correct result). You might
> have better luck asking MS guys why nslookup can succeed while ping
> can''t find the host, and how to fix the problem.
> 
Not so fast there... I think nslookup will still default to searching
for an A record, but I''m pretty sure that ping will first look for an
AAAA record under Vista and above.

Try doing ''ping -4 www.microsoft.com'' and see if that makes a
difference. I certainly get ''Ping request could not find host
www.microsoft.com. Please check the name and try again.'' When I try
ping
-6, although the default behaviour _should- be to try ipv6 and then fall
back to ipv4...

If that works, and you really don''t use ipv6 for all, disable it as a
protocol on the network adapter. Maybe you already did this before but
then installed gplpv which installs a new adapter and has ipv6 enabled
again? Or maybe you want to use ipv6 and for some reason it doesn''t
work
with gplpv... I haven''t tested that very much.

James




_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

> 
> In the end this turned out to be some worm getting onto the VPS before
> we had chance to enable the firewall so now we are building the images
> offline, enabling the firewall and putting them on the net.
> 
> Very strange how quickly it got infected but lessons learned.
> 
> Big thanks for James and Fajar for the advice.
> 
> On another note we cant put a perimeter firewall in place as the
servers
> are on the internet in the datacenter.
> 
You could firewall in Dom0 though.

Here (http://isc.sans.org/diary.html?storyid=7093&rss) is another good
reason why you should firewall early and firewall often :)

James

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

But firewalling Dom 0 doesn''t affect the VMs?  

And also if you did that you might not want to block certain ports as it
could be different on every VM.

BTW what is the best way of firewalling a Dom 0 built from the lenny
debs?

Thanks

Ian



-----Original Message-----
From: James Harper [mailto:james.harper@bendigoit.com.au] 
Sent: 08 September 2009 14:03
To: Ian Tobin; Fajar A. Nugraha
Cc: xen-users@lists.xensource.com
Subject: RE: [Xen-users] latest GPLPV drivers 0.10.0.86 and
microsoft.com
> 
> In the end this turned out to be some worm getting onto the VPS before
> we had chance to enable the firewall so now we are building the images
> offline, enabling the firewall and putting them on the net.
> 
> Very strange how quickly it got infected but lessons learned.
> 
> Big thanks for James and Fajar for the advice.
> 
> On another note we cant put a perimeter firewall in place as the
servers
> are on the internet in the datacenter.
> 
You could firewall in Dom0 though.

Here (http://isc.sans.org/diary.html?storyid=7093&rss) is another good
reason why you should firewall early and firewall often :)

James



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Actually, firewalling the dom0 *can* impact domUs, depending on how you do it. 
You can put firewall rules onto a physical interface that affect all of the
traffic that goes through that interface, whether the destination is the dom0 or
not.  In fact, if you put iptables rules in place on your dom0 that limit access
from outside to port 22 on the dom0 IP, that is going to eliminate all traffic
except the traffic destined for dom0.  You need to construct your rules in such
a way as to make sure traffic can flow between dom0 and outside and domUs and
outside.

-Nick
>>> On 2009/09/08 at 08:22, "Ian Tobin"
<itobin@tidyhosts.com> wrote:

But firewalling Dom 0 doesn''t affect the VMs? 

And also if you did that you might not want to block certain ports as it
could be different on every VM.

BTW what is the best way of firewalling a Dom 0 built from the lenny
debs?

Thanks

Ian



-----Original Message-----
From: James Harper [mailto:james.harper@bendigoit.com.au]
Sent: 08 September 2009 14:03
To: Ian Tobin; Fajar A. Nugraha
Cc: xen-users@lists.xensource.com
Subject: RE: [Xen-users] latest GPLPV drivers 0.10.0.86 and
microsoft.com
>
> In the end this turned out to be some worm getting onto the VPS before
> we had chance to enable the firewall so now we are building the images
> offline, enabling the firewall and putting them on the net.
>
> Very strange how quickly it got infected but lessons learned.
>
> Big thanks for James and Fajar for the advice.
>
> On another note we cant put a perimeter firewall in place as the
servers
> are on the internet in the datacenter.
>
You could firewall in Dom0 though.

Here (http://isc.sans.org/diary.html?storyid=7093&rss) is another good
reason why you should firewall early and firewall often :)

James






--------
This e-mail may contain confidential and privileged material for the sole use of
the intended recipient.  If this email is not intended for you, or you are not
responsible for the delivery of this message to the intended recipient, please
note that this message may contain SEAKR Engineering (SEAKR)
Privileged/Proprietary Information.  In such a case, you are strictly prohibited
from downloading, photocopying, distributing or otherwise using this message,
its contents or attachments in any way.  If you have received this message in
error, please notify us immediately by replying to this e-mail and delete the
message from your mailbox.  Information contained in this message that does not
relate to the business of SEAKR is neither endorsed by nor attributable to
SEAKR.


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users