Date: Wed, 28 Oct 1998 16:20:04 -0800 (PST)
From: patl@phoenix.volant.org
To: Kenneth Ingham <ingham@i-pi.com>
Cc: security@FreeBSD.ORG
Subject: Re: Cause of NetBIOS-NS requests from outside
Message-ID: <ML-3.3.909620404.495.patl@asimov>
In-Reply-To: <19981028171202.A4585@i-pi.com>

> On Wed, Oct 28, 1998 at 03:01:35PM -0800, patl@phoenix.volant.org wrote:
> > I've recently started logging more of the packets which are denied
> > by my filters. Since then, I've noticed occasional bursts of UDP
> > packets aimed at the NetBIOS-NS port (137) on my primary server.
> >
> > Is this more likely to be M$ brain-damage, or an attempted probe
> > by some script-kiddie?
>
> M$ brain-damage.
>
> I worked with one of the people who was bouncing off of my firewall one
> time. If you are using WINS for anything, it tries to use it for
> everything. I now ignore them, and really should tell the firewall to
> not even log them.

So it's probably trying to contact my DNS server via NetBIOS-NS
protocol? I can easily understand how any local M$ machines could
be sending these packets to my servers; but what has me puzzled is
why an outside machine would try to contact my server for WINS info.

This doesn't seem to be any real threat; and since it is much more
likely to be M$ brain-damage, I'll probably add a filter rule to
explicitly deny them without logging. But I would like to have a
better understanding of the underlying reasons. (That is, reasons
more specific than 'M$ is completely clueless'.)

-Pat

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message