Router Config Error

On Novell 3.12 System has been running for years with a 8 port 100mps hub and a 24 port 3com 10 mos hub.  Recently added a 3 Com 8 port 100 switch.  All was working fine. Today I replaced the old 10 mps hub and the 100 mps hub with a CNet 100 mos 24 port switch. I attempted to do it without downing the system, but logging off all users..... As I was switching cables...I started to get the following errors. "Router at node 00A0C9060ECA claims network 00000010 should be 00000020.  and "Router at node 00A0C9060EB9 claims network 00000010 should be 00000020. "   The server has 2 network cards in it...both going to the one hub..This forced the whole network I reinstalled the 10mps hub and at least got the network up.  but the errors continue. I want to reinstall the 100mps switch...and fix the errors..  HELP
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Geez, NetWare v3.12. Are you aware that is about 10 years old? And that its not supported by Novell (and hasn't been for years)? And that if you upgraded to, say, v5.1, you could get rid of IPX? The latest version is v6.5. I find it a little odd that you're upgrading the rest of your network infrastructure but you're leaving an ancient NOS version in place.

You said that server has two NICs. Is IPX bound to both NICs? Do the network numbers correspond to the ones bound to the NICs?

Previously, when you had two devices (hub & hub, or hub & switch) instead of one switch, did each NIC in the server go to a different device? Were the devices linked?
I wrote "Do the network numbers correspond to the ones bound to the NICs?"

That's unclear. I should have said "Do the network numbers in the error messages correspond to the ones bound to the NICs?"
Those IPX network number errors usually only occur if you have more than one IPX network number on the same network, running over the same IPX frame type.

The "router at node..." message is because all NetWare servers are routers.  The message is generated at the NetWare server with the first IPX network address bound with that IPX frame type.  The second part of the message is the network address that is in conflict.

This can occur if you have the wrong, or a different, IPX network address assigned to a NIC/frame type.

Does your server have two network cards running the *same* IPX frame type, but *different* IPX network addresses?  If yes, then that is your problem.  I don't know how it ever could have worked, unless you were somehow routing between the two network addresses; even then, you'd have been generating a bunch of unnecessary network traffic.

If you have two NICs bound to IPX in the same server, attached to the same physical network, they must not be running the same frame type.  If you didn't make any changes to the server, and did not have two separate, distinct IPX networks, then I don't know how this ever could have worked without error.

Expanding and concurring with PsiCop's comments - 3.12 is ancient, has been off product support for years, and is limited to IPX communications for the vast majority of network services.  It also does not work under a directory services model, but only with the old, EOL-ed, bindery services security model.

Unless the ONLY server you own, and can afford, is a 486 or 386, you should be running a more current version, like at least NetWare 5.1.  You should hang your head in shame if you are running WinXP Pro workstations on P4 multi-gigahertz processors with 1/2 GB or more of RAM, while relying on a 10-plus-year-old 386 or 486 to protect and serve your vital shared resources.
JavaScript Best Practices

Save hours in development time and avoid common mistakes by learning the best practices to use for JavaScript.

FYI - Bindery services is to NDS/eDirectory as a flat-reference access file is to Active Directory.

Bindery services were far ahead of the Microsoft Domain model, and eDirectory is even further ahead of the Microsoft AD model.
tvaccAuthor Commented:
It has not been upgraded for many reasons...none of which change the fact of thecurrent  problem. Will soon be moving to Windows network. This is just the beginning. Current business software is only available in DOS version. Am lookiing for a Win version. I am aware that this is an ancient system. Thanks for the answers...will check config and get back to you. To tell you the truth, it has been so long since I have worked on a NOvell system..I will have to refresh myself on how to find the answers you are asking.  What  I can tell you that there has not been a change to this server in 6 years.  It has been running as is.  Is IPX bound to both NICs?   YES  Previously, when you had two devices (hub & hub, or hub & switch) instead of one switch, did each NIC in the server go to a different device? NO Were the devices linked?  YES  I should have said "Do the network numbers in the error messages correspond to the ones bound to the NICs?"   Dont know...will check...but I have forgotten how...can you help there?  Should I just pull one of the network cards?

Well, in your environment, its unlikely that both NICs are really being used to anywhere near their capacity. I
wouldn't pull a NIC physically from the server, I'd simply comment out the relevant LOAD and BIND statements from AUTOEXEC.NCF. That way, if the other NIC failed, all you'd have to do is edit AUTOEXEC.NCF

Note that you can remove support for the NIC without having to reboot the server. Try that in Windoze.
I'm sorry to year that you will be downgrading to a Windows network.

I hesitate to recommend that you pull one of the network cards from the server.  It seems unlikely that you would have 2 NICs running the same IPX frame type and network number on the same server, and not know it until changing a piece of hardware - especially if changing it back doesn't fix the problem, seeing that is was working fine for 6 years untouched. (Let's see you try that with Windows, BTW...  hehe)

I suspect that you have something else out there broadcasting the same IPX network number on the same frame type, and that it is independent of the network hardware changes.
"...broadcasting the same IPX network number on the same frame type..."

Ooops, I meant broadcasting the different IPX network number on the same frame type.
ooops again.  "I'm sorry to year" should read "I'm sorry to hear."  Slip of the finger...
OK, the file that mostly controls a NetWare v3.12 server is AUTOEXEC.NCF, located in the SYS:SYSTEM subdirectory. You can edit it with the EDIT command. For example, at the console (:) prompt, you would type


and this would bring up the NetWare Text Editor and load the file.

The statements you're looking for **look like** this:


I can't say exactly what they are because you haven't identified your topology, the brand of NICs, the frame type of your network, etc. etc. So you need to look.

You'll see two sets of these statements, one for each NIC. Which set goes with which NIC? The "SLOT=" parameter is your best best for distinguishing between the NICs.

Once you have identified the proper LOAD and BIND statements, place a pound sign (#) in front of each to comment them out. Note that the "proper" statements to remove are NOT the ones for the IPX network number for which your router is configured.

To make the change take effect, you can either reboot (which is the Windoze way of doing things), or you can issue the UNBIND and UNLOAD commands at the console prompt and thereby shut down the NIC.

Again, I don't know what NICs you have, or much of anything else, so you're going to have to put your thinking cap on and interprolate what I put here:


IF the two NICs use different drivers (i.e. the LOAD statements do not load the same .LAN driver), then you can also


to unload the driver from memory. If they both use the same driver, then it was used re-entrantly and you can't unload it without rebooting.

You can now hook up to your switch and not get those nasty error messages.
I also am sorry to hear of your plans to downgrade to a Windoze environment. You just noted how your server has run reliably, with minimal intervention, for 6 YEARS. Do you honestly believe you'll get even 6 WEEKS of trouble-free performance from Windoze? Ever hear of NIMDA? Bugbear? Welchia? If you still think you're going to get anywhere near the reliability you've enjoyed for over half a decade, I have a bridge in Brooklyn that I'd like to sell you.

Sure, you have some app that's only available on Windoze. So? Is that a reason to convert your whole environment over to Windoze?  You can run it as a vertical app server while leaving your other business processes on a more reliable platform.
To retype the errant post:

I'm sorry to hear that you will be downgrading to a Windows-based network.

I hesitate to recommend that you pull one of the network cards from the server.  It seems unlikely that you would have 2 NICs running different IPX network numbers on two different frame types on the same sever and not know it until changing a piece of hardware on the network - especially if changing the hardware back doesn't fix the problem, seeing that it was working fine for 6 years untouched.  (Let's see you try that with a Windows-based network, btw... hehe)

I suspect you have something else out there broadcasting the oddball IPX numver on the same frame type as your server, and that it is independent of the network hardware changes.

... Hopefully that makes more sense.  Sorry about the misstatements and miskeys prior...
Gaaah!!! I made another mistake!!!.  The sentence should read "It seems unlikely that you would have 2 NICs running different IPX network numbers on THE SAME frame type on the same server and not know it until changing a piece of hardware on the network."

Sorry, it's been a long day... ;)
"Current business software is only available in DOS version. Am lookiing for a Win version."

Why not simply look for a CURRENT version?  What difference does it make if it is a WIN version or not?

It shouldn't make ANY difference unless your intent is to move to Windows no matter what the cost, in dollars, productivity, security or availability.
tvaccAuthor Commented:
Am I supposed to hit the "accept" button...when I read these?

Well anyways...I put this network in 10 years ago..when I considered myself somewhat good with Novell 3.12....Was forced to retire due to an illness with terminal possibilities....those possiblities did not come true...much to my happiness.. forward 6 years...I am better and getting back in the game so to speak...The owner of this server never got anybody else to work on this...and it has been chugging along...Now wants to have internet well more modern software.  He trusts me...and so I am trying to relearn all I have well as learn all the new stuff.

I cannot for the life of me think what is out there sending the same IPX number...but I will start to unplug things and see where and if it stops..

As i recall...I used to edit autoexec.ncf in the Novell Dir of the C: drive (boot drive)...was it there? or is it on the server in F:?  I will have to go back and read my books...

As to going to Windows over Novell..of course windows is not as reliable as Novell..but to a certain extent I have to do what the owner wants..and he wants a windows network.

Will check what you have given me...and appreiate your input and help. As I recall there was a place to edit the autoexec.ncf in Novell...or was that just a place to view it...either way..I will rem out the one card.

I was told by an old friend...who has not worked on Novell for almost as long as just enter in " Reset Router...or Router Reset."..?  Would not want to do that before double checking with you guys...Dont even know if that is appropriate..or if it will damge anything...

Again I appreicate all the help...and if you guys ever need a Lotus car...that is my real area of expertise...
I am glad that your illness did not become terminal.

Internet access and modern software does not equate to scrap all vestiges of Novell software.

If the owner trusts you, and you know and have communicated that a Windows-based network will be less reliable, why would he be insistent on a Windows-based network?

The reset command, if available on NetWare 3.12, should not adversely affect anything - unlike any similar command in a Windows environment would be likely to do.

Autoexec.ncf should be on the SYS volume, in the SYSTEM directory, not on C:

I would LOVE a Lotus car, but my wife would kill me for spending that much on a car.
I, also, am glad to hear your illness was not terminal. I had a friend go thru something similar about 2 years ago.

RESET ROUTER merely clears the software router's routing tables. In your situation it should have no real effect, since your server is not acting as a router (at least you haven't indicated that it is).

The file on the C: you're thinking of is STARTUP.NCF. That loads disk drivers, mainly, and by default is located in C:\SERVER.

The NIC drivers are typically loaded from SYS:SYSTEM by the file SYS:SYSTEM\AUTOEXEC.NCF

F: refers to a client drive mapping. It can, in theory, point anywhere on a server. By default, it will point to SYS:PUBLIC. Drive letters don't mean anything on the NetWare server console - it thinks in terms of Volumes (e.g. SYS:, DATA:, VOL1:) and directories. Hence commands like MOUNT SYS, not MOUNT F:

In NetWare v3.12, you could also edit the AUTOEXEC.NCF file using the INSTALL command (LOAD INSTALL). This is replaced in later versions of NetWare with NWCONFIG.

Wish I could afford a Lotus. :-)
Like ShineOn, I wonder if the owner wants a "Windows network" or just Windows workstations.

Ever since NetWare v6 (and this was an add-on for v5.1), NetWare has supported something called Native File Access Protocol. It allows the NetWare server to appear, to Windows client, to be a Windows server. It allows you to eliminate the NetWare Client software - the Windows clients think they are connecting to a Windows server. The only hint they have that such is not the case is that the server stays up for more than a week at a time. So it is possible for you to install NetWare (a much newer version, obviously) and natively support Windows clients without having to sacrifice the reliability and security you gain from having NetWare on the back end.

I understand that you've been out of the loop for awhile, but I really think it is worth your time to investigate NetWare v6.5, with an eye towards recommending it to your friend the owner. The business benefits of NetWare over Windows include:

1) Lower hardware requirements - this means lower cost of acquisition and a lower cost of maintenance
2) More functionality for the money - something like NetWare Small Business Server will give you file and print, E-Mail, and desktop management services for less cost than doing the near-equivalent in Windows
3) Immunity to a plethora of malware - viruses are targetted at Micro$oft environments...does your friend the owner want to make his business enterprise a bigger or smaller target?
4) More stable, easier to administer - when we the last time you even HEARD of (let alone actually saw) a Windows server go 6 years with practically no maintenance?

Don't make a hasty decision.
tvaccAuthor Commented:
Thanks for all the help to both of you....

I wish I could afford a Lotus NOW as well...but mine is 10 years website is I see that the concencus is to rem out the one network card..then down the server...and reload netware?

This problem appeared to start (just came to me) when I unplugged the 2 cables for the server... but I dont know if it was AFTER or BEFORE I plugged them back into the new switch...

My main concern is to not do anything to put his data at risk.

Your problem is a normal one.  It's easy to fix.... So DON'T DO ANYTHING DRASTIC.  Basically the following is occuring:
One of the piece of hardware is advertising its novell SAP network on a cabling system that it doesn't belong.  First, let's examine the problem:

You said:
"Router at node 00A0C9060ECA claims network 00000010 should be 00000020.  and "Router at node 00A0C9060EB9 claims network 00000010 should be 00000020. " 

What we have here is two devices on the same cabling system or network as Novell calls them.  Your cabling system are:  10 and 20.  The device MAC addresses are: 00A0C9060ECA and 00A0C9060EB9.  Based on the MAC address they are Intel (PRO100B and PRO100+) NICs.

The Fix:  You have the choice of doing it the easy way or the hard way.  The easy way should work - if it doesn't then it will be the hard way.

First check the server's network drivers to make sure they have network 10 and 20, of course the will - but let's start from square one.  Get the NIC's MAC address from the SYSconsole.  One of the NIC should have one of the above address.  Now, you concentrate on the devices on that network segment.

The easy way ONE:  If you move any hub/switch, router or print server from one network segment to another - power down that device and power it backup.  That may be the unit that is in the wrong network.

The easy way TWO:  
Power down the entire problem network segment (everything - every hub, switch, workstation, print server, jet direct box, other server, etc).... then power up the servers and the hub and switches and workstations and printer.... it should solve the problem - UNLESS one of the workstation hard code the network.

The hardway ONE:  You can go and power down one device at a time to see if it would get rid of the route error message.  Once you have identified the culprit - change its network id.

The hardway TWO:  Go to the server console - go down the login list and lookup the MAC address of the devices until you find the other NIC MAC.  Go to that device, power it down and then backup.  If that still doesn't fix the problem, that device had been hardcoded with the Network number - go to its property and change that number - shut it down and bring it backup - it should solve your problem.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PsiCop - on NetWare 3.x (and 4.x, and probably 5.x) pointed by default at SYS:\LOGIN.
Good catch, Gnart.  The 2 nics probably represent 802.2 on one IPX net and 802.3 on the other IPX net, but the network device doesn't care about frame type, and a power-reset of the network gear might clear it up really quickly.

I still think tvacc should think twice, or maybe three or four times, before going ahead with a downgrade to a Windows-based network.
aaaargh.  PsiCop - what I was talking about is the default F drive mapping...  >pulling hair out of head and slamming forhead against desk<
tvaccAuthor Commented:
Thanks guys...will try all this monday night.  That is the next time I can access the network with nobody there...allowing me to power down everything..and bring it all back up.
Expanding on what I responded to Gnart with -

You could have both NICs running the same IPX frame type, I think, as long as they aren't both on the same physical network.  Perhaps it's as simple as you plugged network 10's NIC into network 20's segment, and vice-versa.  This router error message will happen any time there is a different IPX network on the same segment using the same IPX frame type.

Before you event power down everything, look at the MAC of the NICs that are in the server.  If they match the MAC in the error message, you plugged the wrong cable into the wrong NICs during your upgrade or maintenance.  Swap the cables at the server may solve the routing error.  

The problem may persist after the cable swap (above), if devices on the segment had been taken down and powered backup and they picked up the wrong network number.

Don't worry about data being at risk here..... I've seen plenty of this the past 12 years.  I set it up as lab for my Novell networking students and expect them to solve the problem through identifying the MAC address and correct the routing error.


Hopefully, you USED to set it up as a lab for Novell networking students.

I, personally, have not seen this since shortly afte going to NetWare 4.11 from 3.12, while in the process of transitioning from 802.3 to 802.2.

If you are currently teaching Novell networking classes, I sincerely hope you are teaching TCP/IP, NCP over IP. SLP and such like, rather than issues that shouldn't happen anymore because the platform that would have had those issues is EOL'd and not under any manufacturer support whatsoever, for the past several years...

Nope, still do that for students to diagnose the problem.  There are still plenty of mixed environment running IPX/SP, TCP/IP, SDLC, NCP/IP, LU6.x.  System integration instructional has to include everything.  There are legacy IP/IPX gateways that still run the venerable IPX/SPX.  New technology such as NAS supports IPX/SPX in order to sell into Novell shops.  Yes, plenty of shop just don't want to run TCP/IP internally.  In case you are wondering, they run IP/IPX gateway to access the Internet.  Try to hack through the gateway when it is used as an Internet gateway firewall.  See below:

Intenet => TCP/IP packet => Gateway (extract data) => IPX/SPX packet.... (no IP).
Just reverse the packet conversion on the outgoing direction.

The problem is not gone due to legacy equipment and poor school districts that can only run Novell 3.12 on old PC and can't afford firewalls - so they use IP/IPX gateways.  You will see this problem if you run IPX/SPX and two network segments out from the server, regardless your version of Novell.  It's in the NCP internal route.  Just move a cable from a running device from one cable segment to another.  I guarantee it.  

Yes, I do teach TCP/IP, NCP/IP, SDLC/HDLC and LU6.x as well as IPX/SPX.  As far as I know, CNE certification has not complete taken IPX/SPX out of the picture.

Yes, I guess the unfortunate fact is that a lot of vendors are stuck on the idea that if a product says "novell" on it anywhere, that it needs IPX.  The "gateway services" Microsoft includes in its current OS products still assumes IPX and does not support NCP over IP.  All too many companies, not just poor school districts, still run 3.x simply "because it works."  I wonder how many of those companies and poor school districts also have Windows XP on their desktops.  Why not still run MS-DOS 3.2 "because it works?"

I'm not saying that you shouldn't teach what's part of a Novell course, but I hope it is at least stressed in these classes that IPX *is* the "legacy" NetWare protocol and not the preferred protocol for current, *supported* versions, and is still supported in current versions for backward compatibility only..

I went the "IPX/IP" gateway route myself for a while - partly as a transition and partly for the security factor.  The security factor quickly became moot as IPX gained legacy status.
I ran into this problem when a helpful admin was adding the default IPX network number on the wire to the Windows 2000 workstations.... as the internal IPX network number of each station.
Good point.   Could be the problem here.
tvaccAuthor Commented:
There are 3 Win 2000 units on this network...just added

How do I check that out?  I mean I know where the network info is...but I dont quite understand  "the default IPX network number on the wire"
Go to the properties of the NWlink IPX/SPX Compatible Transport in the Network properties. The internal Network number is generally left set to all zeros.
tvaccAuthor Commented:

Went over and worked on the network...addresses were the 2 intel cards in the server.

Tried all of the simple things...but it got I just unplugged one of the Server Lan card network cables to the hub.  Of course the errors went away..

Is there any thing wrong with this simple fix?

Can't disagree with that,

Who would ever think someone would plug two NICs into one hub?  I for one, presumed some basic knowledge of networking here and thought two cables would go to two different hubs.  Below is a quote from my post (Gnart, 11/08/03 9:26):

 "you plugged the wrong cable into the wrong NICs during your upgrade or maintenance.
  Swap the cables at the server may solve the routing error."

It refers to device plugging into the wrong network - basically it's a cabling issue.  All of my posts, deal with wrong cable being plugged somewhere.

Also, with my post:  If you look at your Autoexec.bat or from the console, you would know immediately that is the problem since one NIC would have the network of 10 and the other has the address of 20.

Now, where did the cable to that second NIC plugged into?

tvaccAuthor Commented:
It was plugged into a second hub. But I was under the impression that the CNet Smart Switch considered every connection a different "segment"...but I get ahead of myself...

Besides that...I did plug them into different hubs, a 24 port CNet Switch and a 4 port 3Com switch...but I then "connected the hubs" because they all need access to the internet router.

That must be where I made the mistake...but again...I thought the CNet switch would have compenstated for that.

Like I said...been out of the game for a while.....
tvaccAuthor Commented:
Let me say again to all...I appreciate all the help...
The enternet switch makes each connection a different collision domain, not a different segment.  Unless you configure it for VLAN (and I don't know if that can be done for IPX on that switch, or if it is manageable at all) then you still have all the same network.
Switch is layer 2.  Routing is layer 3.

There are layer 3 switches.  They're the ones that do VLAN and QOS prioritization.
In a modern NetWare environment, two NICs in the server can be used for failover or load balancing. The Intel NICs in particular support this. NetWare v3.x does not, however, so I'm also at a loss as to why the server had two NICs, both bound with IPX, unless one was a different frame type.

It seems as though your Question has been answered. I gather from your Comment on 11/7 that you're new to EE - so if I may presume, I'm going to offer a little advice.

If your Question has been Answered, then your task at this point is to Accept one or more Comments as the Answer.

Who gave the best Answer, or who contributed how much to the Answer, is solely at your discretion. It seems to me that several people offered substantive help in resolving this Question.

At the bottom of the Question, where you would type in another Comment, there is the "Split Points" link. Clicking on this will take you to a screen where you can Accept a particular Comment as "The Answer" but also select other Comments as having "Assisted". On this same screen you can also distribute the points in escrow in accordance to the value you find in each Expert's contribution. Alternatively, you can just click on the Accept button next to the Comment that you wish to accept as the sole Answer, and all the points will be awarded to the Expert who made that comment.

You'll be asked to grade the Answer - this will affect the Expert Points awarded to whomever made the Answer, but will NOT affect the number of Question Points you spend.

PsiCop -

I share your wonderment at why a NW3 server would have 2 NICs bound to the same IPX frame type.  The only reason I can fathom is that they wanted to segment the LAN and had no cross-connections between the hubs attached to the particular NICs.  Using the server as a router to reduce collisions, perhaps.
Ummm...I don't think so. In a shared environment every NIC hears every transmission. I don't see how that arrangement (using hubs) would have reduced collisions.
sheesh - I hope the owner doesn't want you to jump off a bridge anytime soon ;)

Here's the deal, it looks like you have two IPX segments that were separated with that hub.  Some hubs allowed you to segment the network on the same physical device, basically it was TWO hubs in one case.  Basically your network was two separate networks being joined by routing IPX internally via the NetWare OS.

Simple, take your switch and create VLANs on them, plug ONE of the NIC's from the server into ONE VLAN and the OTHER NIC from the server into the OTHER VLAN.

That should keep you happy without making any changes on the NetWare side.

"I don't see how that arrangement (using hubs) would have reduced collisions. "

If each NIC is on a separate, not-interconnected hub, making the infrastructure two separate and distinct IPX networks, even though they share a common frame type, it should result in 2 IPX networks (of the same frame type) routing through the NetWare server.

As long as the ONLY connection between the 2 IPX networks is the NetWare server/router, this SHOULD work...

If you have one IPX network connected to one distinct, separate physical network, and another connected to a 2nd distinct, separate physical network, then the NetWare server becomes the router between the networks, by default, without defining anything else.  That  setup would be defeated, and cause the problems herein described, should a device be added somewhere downstream that connects the 2 separate IPX networks together.

I used to put 2 NICS in my server - binding only the first NIC... The other one is a standby.  If the primary one goes bad, I unbind it and bind the other one and moved the cable.  That way I don't have to take down the server and find a good NIC to swap with the bad NIC.

tvaccAuthor Commented:
Yes...the mistake I made was binding the 2 switches they both could use the same router...I now know what I did.

I will try and figure out the "response"  protocol...and respond the correct way....tomorrow..

Thank you again to everybody. Helped me an awful lot.....

Been the whole day battling a "worm" on a 50 node network...
Sad to say, but in moving your buddy to a Windows-based network, this won't be the LAST worm you'll be battling...
OK, ShineOn, I see what you were gettiong at. I had assumed (bad idea) that it was already one network fabric, and not two separate nets. Knowing that, yes, what he experienced makes perfect sense.

If you're moving to all-Windoze, get used to worms.

Anti-virus, firewall and lockdown those Windows machines.  I have ben trying to get worm, virus, trojans (source also) for my security class and I can't get enough of them, sigh.....


really?  what happens when someone brings in an infected laptop to your network?  How about one infected with a worm no anti-virus sig file knows about?  I've seen a worm that so far has no sig file for, and it's MONTHS old!

Windoze - you can make it hard on the outside, but the inside remains soft and chewy.
I track for new ones on newsgroup:  alt.virus.  etc,,, looking for source code...
I have the following setup at home to play with:

Internet ==> DSL/modem ==> Router with 4 ports switch (VPN, IPSec)

Switch port 1 => the honeypot
Switch port 2 => Wireless AP & Wired switch (wire/wireless workstations)
Switch port 3 => Attacking workstation (acting as outside)
Switch port 4 => Cisco 2621 <=> Cisco PIX 516UR <=> Cisco 2621 <=> Network being attacked.

Workstations inside the network being attacked is staged with notebooks as needed.  I insert a VLAN switch or subnet-able hub as needed to stage my scene.

When I get an infected machine - that's when my fun really start.  ID it, and hunt down to code to see how it work.  The problem is most are just changed version of the original.....  I don't work for an antivirus company.  I just like to play and learn... I used to do the deep stuff, (ie. code my own OS once) but now I just play and teach.

So really.... cheers
tvacc, y'know, my answer at 4:32 pm on 11/07/2003 really was the first to answer your problem, but I'll let it pass this time...
tvaccAuthor Commented:
I did not know this was a competition....I just put down the one that I thought provided me with the answer that I really understood...and really hit the nail on the head. I would prefer to not have to answer "who gave the best or first answer"  Is this a necessary and required part of the forum?  I do not like negativity and if there is a "winner" all the time...then there must be a loser...and in my mind...none that helped me are losers....everything that was said helped me out...I stirred it all in the pot...and out came the answer.
tvaccAuthor Commented:
And...Shine on..upon reading the posts did give me the answer first...Sorry....
It's not a competition.  It's a community, but there are incentives as far as answers given, grades, Expert points, etc. that prod the Experts to be as active as possible, so as many issues as possible can be answered.

Please click on the "help" link in your "Your Status" box and read up on how things work here.

I won't begrudge Gnart his due, and it's up to you how to award points, but for future activity on EE, it would behoove you to read up on the way things work.

Take care.  Glad we could help.  

If you want to discuss further the pros and cons of NetWare vs Windows, this is the place.  DSPoole, PsiCop, myself, d50041, deroode, ZENworker, BudDurland and all the rest can help to get you back up to speed, and ease your way back.
tvaccAuthor Commented:
Thanks for all the help..and the encouragement
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Languages and Standards

From novice to tech pro — start learning today.