Date: Sat, 7 Mar 1998 09:12:44 +1100 (EST) From: "Daniel O'Callaghan" <danny@panda.hilink.com.au> To: David Babler <root@Rigel.orionsys.com> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Port 137 access - somebody monkeying around? Message-ID: <Pine.BSF.3.91.980307090253.5267A-100000@panda.hilink.com.au> In-Reply-To: <Pine.BSF.3.96.980306132649.6827G-100000@Rigel.orionsys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 6 Mar 1998, David Babler wrote: > port? I complained once to a system one of whose dialup customers > continued a port 137 probe on and off for an hour. When the user was > contacted, he claimed he had NO IDEA what we were talking about, that he > might have just "tried something" with a browser. Contact the user and tell him to change his Dialup config to not do MS networking. 95/NT boxes just send billions of "I'm me; who are you?" packets on port 137, in case the other end wants to do 95/NT networking. This is because MS assumed that its users could not be trained to enter the domain name of a computer they want to share resources with, or the like. There are legitimate uses for these packets, just like doing NFS across the Internet. The problem is that they are there even when the user does not want to share resources. A worse problem is that NT's default netmask is 255.255.0.0 even for Class C addresses, so there are lots of broadcasts made out to the Internet in error. I have networks 203.8.15.0 and I spotted in a tcpdump broadcasts of 203.8.255.255 coming my way. Turned out to be an Internet cafe in northern NSW, 1000 miles away, which I ended up telephoning to explaining the problem. I also filed a PR with MS, but no response. You'd think that MS would be able to put some code into NT which can determine the class of a network, instead of defaulting to class B. Sheesh! Danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.980307090253.5267A-100000>