0

On our windows 2003 domain, with XP clients, we have started seeing routes appearing in the routing tables on both the servers and the clients. The route is a /32 for another computer on the domain. The route gets added when one windows computer connects to another computer and needs to authenticate.

For example, if computer A with ip 10.0.1.5/24 browses the c: drive of computer B with ip 10.0.2.5/24, a static route will get added on computer B like so:

dest     netmask         gateway  interface
10.0.1.5 255.255.255.255 10.0.2.1 10.0.2.5

This also happens on windows authenticated SQL server connections. It does not happen when computers A and B are on the same subnet.

None of the servers have RIP or any other routing protocols enabled, and there are no batch files etc setting routes automatically.

There is another windows domain that we manage with a near identical configuration that is not exhibiting this behaviour. The only difference with this domain is that it is not up to date with its patches.

Is this meant to be happening? Has anyone else seen this? Why is it needed when I have perfectly good default gateways set on all the computers on the domain?!

simon
  • 714
  • 7
  • 20

1 Answers1

0

Is your default router routing all the traffic? or is there another router for the second network? In the latter case, your default router will send the route back to the client(your system) via a ICMP redirect or similar http://en.wikipedia.org/wiki/ICMP_Redirect_Message

DerekC
  • 106
  • 5
  • Good thought. But each subnet has only one gateway. We wiresharked the traffic on the "B" computer just now to make sure and it did not show any icmp traffic other than echo. – simon Mar 22 '12 at 11:47