From owner-freebsd-security  Thu Oct 29 12:03:16 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA13490
          for freebsd-security-outgoing; Thu, 29 Oct 1998 12:03:16 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from Raccoon.ChipChat.com (Raccoon.ChipChat.com [206.2.228.130])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA13485
          for <security@FreeBSD.org>; Thu, 29 Oct 1998 12:03:14 -0800 (PST)
          (envelope-from mrc@ChipChat.com)
Received: from Piman-Orange.ChipChat.com (Piman-Orange.ChipChat.com [206.2.228.146])
	by Raccoon.ChipChat.com (8.9.1/8.9.1) with SMTP id UAA28353;
	Thu, 29 Oct 1998 20:02:11 GMT
Date: Thu, 29 Oct 1998 20:02:11 +0000 (GMT)
From: Marty Cawthon <mrc@ChipChat.com>
To: patl@phoenix.volant.org
cc: security@FreeBSD.ORG
Subject: Re: Cause of NetBIOS-NS requests from outside
In-Reply-To: <ML-3.3.909683359.9882.patl@asimov>
Message-ID: <Pine.BSF.3.95LJ1.1b3.981029194717.19123J-100000@Piman-Orange.ChipChat.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Thu, 29 Oct 1998 patl@phoenix.volant.org wrote:

> > If you enable "Windows resolution through DNS" in NT (there is a similar
> > setting in Windows95/98), every TCP access that machine ever makes sends a
> > NetBIOS-ns (137) packet to try to find out its Windows equivalent name to
> > store in its cache.
> 
> Finally, an explanation that fits observed behavour.  (The broadcast
> theories don't fit the packets I've actually observed; which are all
> directed explicitly to my primary server.)

  I run an OS/2 Warp Server Network, a derivative of LAN Manager, and so
common ancestry with Microsoft Networks. This network uses NetBIOS
and "NetBIOS over TCP/IP" (TCPBeui). The TCPBeui sounds to be the same
as that described above and in related messages.

  To get the TCPBeui to work properly it was required to add the
Warp-Server IP addresses to a "Broadcast" list.  At first I setup the
network with true IP subnet broadcast addresses in that file.

  When I had trouble, IBM support advised me to specifically add the
Warp-Server IP addresses to the Broadcast list. This resulted in the
TCPBeui network functioning properly.

 I don't understand the details of why/how, but submit this information
in response to the "broadcast theories/explicit server address" comment
above.  It may be that the true story about the behavior you see may
include "specific destination addresses in a broadcast list".

Marty Cawthon
ChipChat



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message