• Status: Solved
  • Priority: Medium
  • Security: Public

Detecting Legacy URI Usage

I was asked to look into the question of how to proactively discover users and processes which are using old server names to access data on a new server.

The question that needs to be answered is about which Client is getting to the active server, call it NewServer, using a URI which refers to an inactive server, call it OldServer. (Therefore, it seems to me that this question is not about DFS, since DFS only takes you out of a server to another network location for accessing data.)

We modified the DNS entry for OldServer and gave it the same IP address as NewServer. Then, we ensured that the Root folders on OldServer were also present (without subfolder conflicts) on NewServer. Problem solved.

In this case, in order to detect legacy URIs in use, we would need one of the following to be true:

1) It is possible (and feasible) to configure the DNS server to log the requesting IP address along with the server they are requesting resolution for. Said another way, there is a way to answer the question, "Which IP addresses are requesting name resolution for OldServer?"

2) When the request is sent from the Client to NewServer's IP address, there is something in the request that still references the original server name, OldServer, and we can log that something.

Are either of those things possible? Is there another way to detect this?

David
Asked by: anyoneis

Steve Knight (IT Consultancy) commented:
How about.... give NewServer a second IP address - ideally on a separate card connected to the same network - and use that in DNS for "OldServer"; then you can see connections to the server on that IP.  Set this to not "register in DNS" on the connection properties and lower in the binding order than the other card.

What services are we talking about here that the users are accessing? Is this file shares (UNC, mapped drives etc.), http or https to an IIS server, etc.?

If nothing else with this method you can do at any one point in time a check using

netstat -n | find "1.1.1.1"

where 1.1.1.1 is the OLD address, to see what is connected to it.

Other than that, is this MS DNS we are talking about?  If so you can put on debug logging of all incoming queries/requests and then filter the logs for the requests for OldServer.


Steve
 
anyoneis (Author) commented:
So far it is just file shares. (We have old shortcuts, manual drive mappings,  old programs, etc.) Eventually, it would be nice to turn out the lights on those old server names. I'll investigate your suggestion.
 
Steve Knight (IT Consultancy) commented:
A further suggestion is... does everyone run a login script?  If so you could run from that a check of

a) mapped drives, i.e. ones they have set as persistent
b) scan their desktop perhaps for the old name.

Realistically though, when moving a file share there is always going to be a certain amount of stuff -- links from an intranet page or inside a Word document to another file, links to the template file that a Word document was created from, recently used document links etc. so it CAN be a pig.  At least you have been able to reduce the user impact by carrying over the old name for a while.

Assuming you are using MS DNS then turning on logging for a period and scanning the results sounds like a good plan to start with.  Will think more if needed or no doubt someone else will jump in with more answers too.

steve
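
The log-filtering step suggested in the answers above, as an added example that is not part of the original thread: it pulls client IPs out of Windows DNS debug-log packet lines that query a legacy name. The sample lines are constructed, the `example.local` domain and the function names are assumptions, and the line layout should be checked against your own server's log before relying on the pattern.

```python
import re
from collections import Counter

# Constructed sample lines in the usual layout of a Windows DNS debug log
# (packet logging). Query names appear as length-prefixed labels.
SAMPLE_LOG = """\
6/5/2013 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Rcv 10.1.20.71      5b47   Q [0001   D   NOERROR] A      (9)oldserver(7)example(5)local(0)
6/5/2013 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Snd 10.1.20.71      5b47 R Q [8085 A DR  NOERROR] A      (9)oldserver(7)example(5)local(0)
6/5/2013 10:00:40 AM 0E70 PACKET  00000000033397B0 UDP Rcv 10.1.20.71      5b48   Q [0001   D   NOERROR] A      (9)newserver(7)example(5)local(0)
6/5/2013 10:01:02 AM 0E70 PACKET  00000000033397C0 UDP Rcv 10.1.20.88      11a2   Q [0001   D   NOERROR] A      (9)oldserver(7)example(5)local(0)
6/5/2013 10:03:15 AM 0E70 PACKET  00000000033397D0 TCP Rcv 10.1.20.71      5b60   Q [0001   D   NOERROR] A      (9)OLDSERVER(7)example(5)local(0)
6/5/2013 10:03:16 AM 0E70 EVENT   The DNS server has started.
"""

# Only packets received by the server (Rcv) are of interest.
PACKET_RE = re.compile(
    r"PACKET\s+\S+\s+(?:UDP|TCP)\s+Rcv\s+(?P<client>\S+)\s+[0-9A-Fa-f]{4}\s+"
    r"(?P<resp>R)?\s*(?P<opcode>\S)\s+\[[^\]]*\]\s+(?P<qtype>\S+)\s+(?P<name>\(\d+\).*)$"
)
LABEL_RE = re.compile(r"\(\d+\)([^()]*)")

def decode_name(raw):
    """Turn '(9)oldserver(7)example(5)local(0)' into 'oldserver.example.local'."""
    labels = [part.strip() for part in LABEL_RE.findall(raw)]
    return ".".join(p for p in labels if p).lower()

def legacy_name_clients(log_text, legacy_names):
    """Count incoming standard queries per (client IP, queried legacy name)."""
    wanted = {n.lower().rstrip(".") for n in legacy_names}
    hits = Counter()
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        # Skip non-packet lines, responses, and anything that is not a query.
        if not m or m.group("resp") or m.group("opcode") != "Q":
            continue
        name = decode_name(m.group("name"))
        # Accept the FQDN or the bare host label, since clients may use either.
        if name in wanted or name.split(".")[0] in wanted:
            hits[(m.group("client"), name)] += 1
    return hits

if __name__ == "__main__":
    for (client, name), count in legacy_name_clients(SAMPLE_LOG, ["oldserver"]).most_common():
        print(f"{client:15} {name:30} {count}")
```

A client that has the old name cached will not show up until its cache expires, so the log needs to cover a long enough period to be representative.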
 
anyoneis (Author) commented:
These are good ideas! I would like to leave this open longer but the system is already generating "inactive question" messages.

Thanks!

David
 
Steve Knight (IT Consultancy) commented:
Yes it can be annoying when it keeps prodding you to keep questions active.  Feel free to drop a comment in here or post a new related Q using the link above - we and others should see it and can think more if you need it.