Date: Thu, 29 Oct 1998 12:09:02 -0500 (EST) From: Thomas Stromberg <ventrex@UNDER.suspicion.org> To: patl@phoenix.volant.org Cc: security@FreeBSD.ORG Subject: Re: Cause of NetBIOS-NS requests from outside Message-ID: <Pine.BSF.4.05.9810291208130.5445-100000@under.suspicion.org> In-Reply-To: <ML-3.3.909615695.6966.patl@asimov>
next in thread | previous in thread | raw e-mail | index | archive | help
If you enable "Windows resolution through DNS" in NT (there is a similar setting in Windows95/98), every TCP access that machine ever makes sends a NetBIOS-ns (137) packet to try to find out its Windows equivalent name to store in its cache. ======================================================================== Thomas Stromberg | smtp -> thomas@stromberg.org System Administrator, RTC Inc. | http -> thomas.stromberg.org (919) 380-9771 ext. 3210 : talk -> ventrex@stromberg.org "the more we know, the less we are" . irc -> ventrex@EFnet ======================================================================== On Wed, 28 Oct 1998 patl@phoenix.volant.org wrote: > I've recently started logging more of the packets which are denied > by my filters. Since then, I've noticed occasional bursts of UDP > packets aimed at the NetBIOS-NS port (137) on my primary server. > > Is this more likely to be M$ brain-damage, or an attempted probe > by some script-kiddie? > > > > -Pat > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9810291208130.5445-100000>