Re: Crazy flying netbios packets
I'm not on this list, but a friend pointed me at the thread and I wanted to add my 2 cents. Hope you don't mind.

: There is a very popular WWW log analysis program by the name of
: WebTrends. It is run on a Win32 platform and when processing
: GIGs of www access-logs, it will uni-cast for WINS resolution to
: every foreign IP it finds for WINS name resolution, fail,
: and then use DNS for resolution.
:
: My fear (uneducated on the matter) is that it is not WebTrends but
: Microsoft's gethostbyaddr() call which would mean that this type of
: crazy 137/udp WINS resolution traffic is more commonly mis-used than
: we think.

It's not actually WINS that you're dealing with here. WINS is Microsoft's name for their NetBIOS Name Server (RFC1001, 1002). WebTrends cannot know the address of the WINS server, if any, that the assumed Windows PC used so it would have to send the query directly to the IP in the log. Urq.

If the PC was on a dial-up or other dynamic IP address, then any reply will most certainly be wrong. Also, what you'd get back is a set of NetBIOS names. This is almost completely useless unless you share the same WINS server or are within the same broadcast domain.

The suggestion that this totally nasty behavior is SOP for Microsoft's gethostbyaddr() is disturbing. In my experience, the folks in Redmond don't clearly understand the difference between a NetBIOS name and a DNS name.

Chris Hertel
Samba Team

--
"I'm thirty-seven. I'm not old."  -----(- Christopher R. Hertel
-- Dennis the Peasant to King Arthur, 787 AD  -)----- crh@ubiqx.mn.org
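
A defender-side check for the traffic discussed in this message, as an added example that is not part of the original post or of Samba's code: it decodes a 137/udp query payload and flags unicast lookups sent to addresses outside your own networks. It assumes the lookups are RFC 1002 node status (NBSTAT) queries, the query type that returns a host's NetBIOS name table; the function names, sample packet and networks are constructed for illustration.

```python
import ipaddress
import struct

QTYPES = {0x0020: "NB", 0x0021: "NBSTAT"}  # RFC 1002 question types

def decode_nb_name(encoded: bytes) -> str:
    """Undo RFC 1001 first-level encoding: two letters 'A'..'P' per name byte."""
    if len(encoded) != 32 or any(not 0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    # Trailing padding is stripped (a 0x00 or 0x20 suffix byte goes with it).
    return raw.rstrip(b"\x00 ").decode("ascii", "replace")

def parse_nbns_query(payload: bytes) -> dict:
    """Parse the header and first question of a 137/udp name service packet."""
    if len(payload) < 12 + 1 + 32 + 1 + 4:
        raise ValueError("too short for an NBNS question")
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:       # R bit set means a response
        raise ValueError("not a query")
    if payload[12] != 0x20 or payload[45] != 0x00:
        raise ValueError("scoped or malformed name; not handled here")
    qtype, _qclass = struct.unpack("!HH", payload[46:50])
    return {"txid": txid, "broadcast": bool(flags & 0x0010),  # B flag
            "name": decode_nb_name(payload[13:45]),
            "qtype": QTYPES.get(qtype, hex(qtype))}

def is_stray_lookup(payload: bytes, dst_ip: str, local_nets: list) -> bool:
    """True for a unicast NBSTAT query aimed outside the given networks."""
    try:
        q = parse_nbns_query(payload)
    except ValueError:
        return False
    dst = ipaddress.ip_address(dst_ip)
    outside = not any(dst in ipaddress.ip_network(n) for n in local_nets)
    return q["qtype"] == "NBSTAT" and not q["broadcast"] and outside

# Constructed sample: wildcard ("*") node status query payload for 137/udp.
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x0000, 1, 0, 0, 0)
          + b"\x20" + b"CK" + b"A" * 30 + b"\x00"
          + struct.pack("!HH", 0x0021, 0x0001))

if __name__ == "__main__":
    print(parse_nbns_query(SAMPLE))
    print(is_stray_lookup(SAMPLE, "203.0.113.7", ["10.0.0.0/8"]))
```

Feed it the UDP payload and destination address of each outbound 137/udp packet from a capture or flow export; a host that trips it repeatedly for many distinct destinations matches the log-processing pattern described above.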