VPN refuse on netbios names

[Guest]

Archived from groups: comp.dcom.vpn (More info?)

I was wondering if VPN server/service registers into DNS and WINS the
authenticating host as the computer's netbios name or some entry name?
To take that one further, if the vpn service doesn't register itself as
the computer netbios name, then does the connection allow WINS to
obtain the computer's name?

The whole point is that it appears that some DNS allow dns entries
different than the netbios name. If a VPN login allows full networking
protocol, which probably include nbns, then the computer logging in
could register into the dns as one name and yet have a netbios name
that is different. If that is true, can you block vpn authentication
based on netbios name?

Can anyone tell me what document addresses this scenario?

Mike

 

[Guest]

Archived from groups: comp.dcom.vpn (More info?)

mmccaws wrote:
> I was wondering if VPN server/service registers into DNS and WINS the
> authenticating host as the computer's netbios name or some entry name?
> To take that one further, if the vpn service doesn't register itself as
> the computer netbios name, then does the connection allow WINS to
> obtain the computer's name?
>
> The whole point is that it appears that some DNS allow dns entries
> different than the netbios name. If a VPN login allows full networking
> protocol, which probably include nbns, then the computer logging in
> could register into the dns as one name and yet have a netbios name
> that is different. If that is true, can you block vpn authentication
> based on netbios name?
>
> Can anyone tell me what document addresses this scenario?
>
> Mike
>

Boy are you confoozed!

The answers depend on what type of VPN you are using and how is it set
up - is it a site to site thru 2 vpn appliances? if so, none of the
questions you ask really apply, since it;s the PC and not the VPN that
registers with DNS and /or WINS.

if you are using VPN software on a PC to make the VPN connection, the
answer to most of what you ask is "it depends on how the VPN client was
designed"

ANY dns will allow a machine to regster an different name than the
netbios name used by the device. WINS and DNS are independent of one
another. MS clients will register the hostname the same on each, but
that is the clients doing.

 

[Guest]

Archived from groups: comp.dcom.vpn (More info?)

So the vpn software loaded onto my computer that we use allows me to
browse MS network at work. So does that necessarily mean that the
computer I am using is registering it's netbios name with WINS. Or is
there another method for a non-native AD network to browse.

My concern is that I saw a problem where the netbios name from a vpn
user registered with WINS. Then because MS IP stack has a sequence of
resolving resource, you know host file, dns,etc -like any IP stack
design would, that MS IP stack includes WINS as an option, a WINS name
was resolved. Now as you'd expect anyone using a typical network
utility like ping and ms tracert would not expect to get a responce
from a WINS entry. But they did. And when you look into the fine
print of their IP stack, it's adaptable. So if DNS isn't 100%
reliable, it might decide WINS is first choice then DNS. So what if a
vpn user's computer is using a host name same as an internal
non-netbios registered name, say the dns name for your oracle database
on Solaris, then that client could register into WINS.

A lot of iffs, but when t1 lines get soggy, you'd like to be 100% sure
on how your network is working.