LinuxSA Mailing list archives

  From: Alan Kennington <akenning@dog.topology.org>
  To  : Matthew Tippett <mtippett@ticons.com.au>
  Date: Mon, 17 Apr 2000 14:47:19 +091800

Re: WINS DNS (was e: why netbios-ns?)

On Mon, Apr 17, 2000 at 01:23:48PM +0930, Matthew Tippett wrote:
> > > Does anyone have an explanation for this:
> > 
> > Most likely an MS-type operating system that doesn't realise DNS !=
> > WINS.  I gave up logging port 137-139 a long time ago, as you just
> > get so much rubbish from it.
> 
> As an alternative to the NTLM (MS web authentication) suggestion made by
> Dan, there might be an alternative option.
> 
> This may not actually be a browser doing this, but might be a web site
> that you are visiting trying to resolve the name of the machine you are
> on.
> 

Bingo.
I ran ethereal over the log file, and found that the packet is of type
NBNS "name query". NBNS must be netbios-ns = netbios name system?
There was no particular content in the packet - just a long series
of the letter "A".

So when I get someone scanning through my entire IP host address
spaces, sending me 3 of these UDP packets per IP address, I guess that
means that either someone is trying to do a harmless survey of the
net, or else they're looking for weak victims.

Cheerio,
Alan Kennington.

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
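
Added example, not part of the original message: a name field that is mostly the letter "A" is what NetBIOS first-level encoding (RFC 1001) produces for a name padded with zero bytes, such as the wildcard name "*", because every zero byte goes on the wire as "AA". The parser below decodes the question section of such a UDP port 137 payload; the function names and the sample packet are constructed for illustration and are not taken from the poster's capture.

```python
import struct

# Question types defined in RFC 1002.
QTYPES = {0x0020: "NB (name query)", 0x0021: "NBSTAT (node status)"}

def decode_netbios_name(encoded: bytes) -> bytes:
    """Undo first-level encoding: each original byte was split into two
    nibbles and each nibble was sent as the letter 'A' + nibble."""
    if len(encoded) != 32:
        raise ValueError("encoded NetBIOS name must be 32 bytes")
    out = bytearray()
    for i in range(0, 32, 2):
        hi, lo = encoded[i] - 0x41, encoded[i + 1] - 0x41
        if not (0 <= hi <= 15 and 0 <= lo <= 15):
            raise ValueError("byte outside 'A'..'P' in encoded name")
        out.append((hi << 4) | lo)
    return bytes(out)

def parse_nbns_query(payload: bytes) -> dict:
    """Parse the UDP payload of a single NBNS question."""
    if len(payload) < 12 + 1 + 32 + 1 + 4:
        raise ValueError("too short for an NBNS question")
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    # Name label: length byte 0x20, 32 encoded bytes, zero terminator.
    if payload[12] != 0x20 or payload[45] != 0x00:
        raise ValueError("unexpected name label layout")
    raw = decode_netbios_name(payload[13:45])
    qtype, _qclass = struct.unpack("!HH", payload[46:50])
    return {
        "txid": txid,
        "is_response": bool(flags & 0x8000),
        "questions": qdcount,
        "encoded": payload[13:45].decode("ascii"),
        "raw_name": raw,
        "wildcard": raw == b"*" + b"\x00" * 15,
        "qtype": QTYPES.get(qtype, hex(qtype)),
    }

# Constructed sample payload: a wildcard node status request.
SAMPLE = (
    struct.pack("!HHHHHH", 0x1234, 0x0000, 1, 0, 0, 0)
    + b"\x20" + b"CK" + b"A" * 30 + b"\x00"
    + struct.pack("!HH", 0x0021, 0x0001)
)

if __name__ == "__main__":
    print(parse_nbns_query(SAMPLE))
```

Counting such queries per source address and per destination address in a firewall log separates a sweep across an address range from a single host trying to resolve one name.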

