From owner-freebsd-security Thu Oct 29 09:09:26 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA17535 for freebsd-security-outgoing; Thu, 29 Oct 1998 09:09:26 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from under.suspicion.org ([216.27.37.14]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA17530 for ; Thu, 29 Oct 1998 09:09:23 -0800 (PST) (envelope-from ventrex@UNDER.suspicion.org)
Received: from UNDER.SUSPICION.ORG (x0@UNDER.SUSPICION.ORG [216.27.37.14]) by under.suspicion.org (8.9.1/8.9.1) with ESMTP id MAA05520; Thu, 29 Oct 1998 12:09:08 -0500 (EST) (envelope-from ventrex@UNDER.suspicion.org)
Date: Thu, 29 Oct 1998 12:09:02 -0500 (EST)
From: Thomas Stromberg
To: patl@phoenix.volant.org
cc: security@FreeBSD.ORG
Subject: Re: Cause of NetBIOS-NS requests from outside
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

If you enable "Windows resolution through DNS" in NT (there is a similar
setting in Windows95/98), every TCP access that machine ever makes sends a
NetBIOS-ns (137) packet to try to find out its Windows equivalent name to
store in its cache.

========================================================================
Thomas Stromberg                    | smtp -> thomas@stromberg.org
System Administrator, RTC Inc.      | http -> thomas.stromberg.org
(919) 380-9771 ext. 3210            : talk -> ventrex@stromberg.org
"the more we know, the less we are" . irc  -> ventrex@EFnet
========================================================================

On Wed, 28 Oct 1998 patl@phoenix.volant.org wrote:

> I've recently started logging more of the packets which are denied
> by my filters. Since then, I've noticed occasional bursts of UDP
> packets aimed at the NetBIOS-NS port (137) on my primary server.
>
> Is this more likely to be M$ brain-damage, or an attempted probe
> by some script-kiddie?
>
> -Pat
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
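
An added example, not part of the original message: if the explanation in the reply holds, each denied UDP/137 packet should closely follow a TCP connection from the same source address, while packets with no such connection deserve a closer look. The record layout, the documentation-range addresses and the 30-second window below are constructed assumptions, not a real firewall log format.

```python
from datetime import datetime, timedelta

# Constructed sample records: (time, source IP, protocol, destination port, action)
SAMPLE = [
    ("1998-10-28 14:02:10", "192.0.2.10", "tcp", 80, "accept"),
    ("1998-10-28 14:02:11", "192.0.2.10", "udp", 137, "deny"),
    ("1998-10-28 14:02:13", "192.0.2.10", "udp", 137, "deny"),
    ("1998-10-28 14:30:00", "198.51.100.7", "udp", 137, "deny"),
    ("1998-10-28 15:00:00", "203.0.113.5", "tcp", 25, "accept"),
    ("1998-10-28 15:10:00", "203.0.113.5", "udp", 137, "deny"),
]

WINDOW = timedelta(seconds=30)  # assumed correlation window, tune to your traffic


def classify_nbns(records, window=WINDOW):
    """Split denied UDP/137 packets into two lists of (time, source):
    those seen within `window` after an accepted TCP connection from the
    same source, and those with no such connection."""
    parsed = sorted(
        (datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), src, proto, port, action)
        for t, src, proto, port, action in records
    )
    last_tcp = {}  # source IP -> time of its most recent accepted TCP connection
    correlated, unexplained = [], []
    for ts, src, proto, port, action in parsed:
        if proto == "tcp" and action == "accept":
            last_tcp[src] = ts
        elif proto == "udp" and port == 137 and action == "deny":
            seen = last_tcp.get(src)
            if seen is not None and ts - seen <= window:
                correlated.append((ts, src))
            else:
                unexplained.append((ts, src))
    return correlated, unexplained


if __name__ == "__main__":
    follows_tcp, no_tcp = classify_nbns(SAMPLE)
    for ts, src in follows_tcp:
        print(f"{ts} {src}: follows a TCP connection (consistent with name lookup)")
    for ts, src in no_tcp:
        print(f"{ts} {src}: no recent TCP connection from this source")
```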