Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 29 Oct 1998 12:10:11 -0800 (PST)
From:      patl@phoenix.volant.org
To:        Marty Cawthon <mrc@ChipChat.com>
Cc:        security@FreeBSD.ORG
Subject:   Re: Cause of NetBIOS-NS requests from outside
Message-ID:  <ML-3.3.909691811.524.patl@asimov>
In-Reply-To: <Pine.BSF.3.95LJ1.1b3.981029194717.19123J-100000@Piman-Orange.ChipChat.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
>   I run an OS/2 Warp Server Network, a derivative of LAN Manager, and so
> common ancestry with Microsoft Networks. This network uses NetBIOS
> and "NetBIOS over TCP/IP" (TCPBeui). The TCPBeui sounds to be the same
> as that described above and in related messages.
> 
>   To get the TCPBeui to work properly it was required to add the
> Warp-Server IP addresses to a "Broadcast" list.  At first I setup the
> network with true IP subnet broadcast addresses in that file.
> 
>   When I had trouble, IBM support advised me to specifically add the
> Warp-Server IP addresses to the Broadcast list. This resulted in the
> TCPBeui network functioning properly.
> 
>  I don't understand the details of why/how, but submit this information
> in response to the "broadcast theories/explicit server address" comment
> above.  It may be that the true story about the behavior you see may
> include "specific destination addresses in a broadcast list".

Not likely in this case, since my server is a FreeBSD box that has
never offered any NetBIOS services; and the packets in question are
coming from outside my network.  (I.e., There is absolutely no legitimate
reason why the machine sending the packets should have been configured
with my server's IP address listed as -any- server.)

I think it is much more likely that they are doing a DNS resolution
from my DNS server; and then attempting to obtain a 'Windows' name
for the host via NetBIOS-NS, also from my DNS server.


-Pat

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ML-3.3.909691811.524.patl>