Date:      Thu, 29 Oct 1998 20:02:11 +0000 (GMT)
From:      Marty Cawthon <mrc@ChipChat.com>
To:        patl@phoenix.volant.org
Cc:        security@FreeBSD.ORG
Subject:   Re: Cause of NetBIOS-NS requests from outside
Message-ID:  <Pine.BSF.3.95LJ1.1b3.981029194717.19123J-100000@Piman-Orange.ChipChat.com>
In-Reply-To: <ML-3.3.909683359.9882.patl@asimov>


On Thu, 29 Oct 1998 patl@phoenix.volant.org wrote:

> > If you enable "Windows resolution through DNS" in NT (there is a similar
> > setting in Windows95/98), every TCP access that machine ever makes sends a
> > NetBIOS-ns (137) packet to try to find out its Windows equivalent name to
> > store in its cache.
> 
> Finally, an explanation that fits observed behaviour.  (The broadcast
> theories don't fit the packets I've actually observed; which are all
> directed explicitly to my primary server.)

  I run an OS/2 Warp Server Network, a derivative of LAN Manager, and so
it has common ancestry with Microsoft Networks. This network uses NetBIOS
and "NetBIOS over TCP/IP" (TCPBeui). The TCPBeui sounds to be the same
as that described above and in related messages.

  To get the TCPBeui to work properly it was required to add the
Warp-Server IP addresses to a "Broadcast" list.  At first I set up the
network with true IP subnet broadcast addresses in that file.

  When I had trouble, IBM support advised me to specifically add the
Warp-Server IP addresses to the Broadcast list. This resulted in the
TCPBeui network functioning properly.

 I don't understand the details of why/how, but submit this information
in response to the "broadcast theories/explicit server address" comment
above.  It may be that the true story about the behavior you see may
include "specific destination addresses in a broadcast list".

Marty Cawthon
ChipChat


