Date: Mon, 4 Sep 2000 10:49:18 +0930 From: Greg Lehey <grog@lemis.com> To: Mike Meyer <mwm@mired.org> Cc: questions@FreeBSD.ORG Subject: Self-initiated DOS? (was: signature?) Message-ID: <20000904104918.B57161@wantadilla.lemis.com> In-Reply-To: <14770.39487.46522.546296@guru.mired.org>; from mwm@mired.org on Sun, Sep 03, 2000 at 01:36:47PM -0500 References: <25395295@toto.iv> <14770.39487.46522.546296@guru.mired.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sunday, 3 September 2000 at 13:36:47 -0500, Mike Meyer wrote: > groggy@iname.com writes: >>> It's not port UDP 68, it's netbios-ns; it's Windows boxs that like to do a >>> netbios nameserver lookup on whoever connections to them. MS assumed that >>> anything connecting to them "must" be a windows box and tries to log the >>> Netbios name of it.... these end up as mostly noise in firewall logs. >>> >>> I specifically disabled monitoring of UDP 137/138 in my own firewalls as the >>> number of stupid IIS servers that kept trying to find out the netbios name >>> of the squid proxies was filling the logs with useless information... >> this sounds good to me :) i figured it was some IIS crap ... >> i think my ISP recently replaced their SunOS and System V boxes >> with IIS servers - i know they renamed all their boxes - and that's >> when this problem started. it still bothers me that they have a right >> to clutter my connection with so much useless garbage! i mean, it does >> cause "stalls" on connections to my server since 10 seconds >> of every minute my connectin is jammed with this garbage ... >> it would be a hassle to change providers for many reasons, >> do i have any right to make them stop? :) i mean, it's >> almost a DOS attack, isn't it? :) > > If you feel like it's a DOS (or some other form of) attack, then it > is. Treat it as one - as correctly as possible. Don't assume that they > are doing it on purpose, or even know that it's going on. Report it as > an attack that may be coming from somone having broken into their > systems, and ask them to deal with it. It's difficult to say "I'm having a denial of service attack, and it's coming from my machine" and be convincing. Greg -- When replying to this message, please copy the original recipients. If you don't, I may ignore the reply. For more information, see http://www.lemis.com/questions.html Finger grog@lemis.com for PGP public key See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000904104918.B57161>