Date: Sun, 3 Sep 2000 22:26:18 +0200 (CEST)
From: Janko van Roosmalen <janko@compuserve.com>
To: Greg Lehey <grog@lemis.com>
Cc: FreeBSD Questions <questions@FreeBSD.ORG>, groggy@iname.com
Subject: Re: signature?
Message-ID: <Pine.BSF.4.10.10009032200490.299-100000@parmenides.utp.net>
In-Reply-To: <20000903085224.I17337@wantadilla.lemis.com>

The "netbios-ns" makes me think of a Windows 95/98/NT station or a Samba
server. Checking "/etc/services" however points to a bootp client.

bootpc 68/tcp # BOOTP client
bootpc 68/udp

It could be a Windows station which is broadcasting on the ADSL line.
It is not uncommon for Windows users to see their neighbour's PC in their
"Windows Network Neighbourhood" when they use an ADSL or DSL service.
The SMB/"Netbios over TCP/IP" protocol used by Windows is a very
talkative protocol, which uses broadcasting a lot to announce their
name, services and to force elections to become master browser on the
subnet.

I suspect it is a misconfigured Windows box on the ADSL net looking for
an IP address.

Janko van Roosmalen

On Sun, 3 Sep 2000, Greg Lehey wrote:
[snip]
> On Saturday, 2 September 2000 at 20:14:03 +0000, groggy@iname.com wrote:
> > can anyone tell me what the heck my ISP is doing to my machine?
>
> It's the name of your system:
>
> > Received: (from abc@localhost)
> >         by groggy.anc.ptialaska.net (8.9.3/8.9.3) id UAA02138
> >         for isp@freebsd.org; Sat, 2 Sep 2000 20:14:03 GMT
> >         (envelope-from groggy@iname.com)
>
> > is it a recognizable signature? they repeat this every
> > 1-2 minutes - and it does clog my connection a little!
> > is it stuff i should allow - or is something strange
> > going on? udp 68 is the "bootstrap protocol client".
> > i don't know what the heck that has to do with me,
>
> The messages seem to be coming from your end. I don't even see any
> replies. The two messages at 05:13:25.548800 have nothing to do with
> you, but suggest that you're on a broadcast medium. Considering that
> the names suggest this is ADSL, you might ask your ISP about that.
>
> > this is the full sequence ...
> >
> > 05:13:24.048994 209-193-28-245.adsl.jnu.acsalaska.net.netbios-ns > 208.151.115.193.netbios-ns: udp 68
> > 05:13:24.049044 209-193-28-245.adsl.jnu.acsalaska.net.netbios-ns > 208.151.115.193.netbios-ns: udp 68
> > 05:13:24.168796 groggy.netbios-ns > 208.151.115.193.netbios-ns: udp 68
> > 05:13:24.168828 groggy.netbios-ns > 208.151.115.193.netbios-ns: udp 68
> > 05:13:24.308786 groggy.51488 > 208.151.115.193.netbios-ns: udp 68
> > 05:13:24.308822 groggy.51488 > 208.151.115.193.netbios-ns: udp 68
> > 05:13:24.428758 groggy.46346 > 208.151.115.193.netbios-ns: udp 68
> > <snip>
> > 05:13:25.528810 groggy.32996 > 208.151.115.193.netbios-ns: udp 68
> > 05:13:25.528842 groggy.32996 > 208.151.115.193.netbios-ns: udp 68
> > 05:13:25.548800 209-193-28-245.adsl.jnu.acsalaska.net.netbios-ns > 208.151.115.193.netbios-ns: udp 68
> > 05:13:25.548831 209-193-28-245.adsl.jnu.acsalaska.net.netbios-ns > 208.151.115.193.netbios-ns: udp 68
> > 05:13:25.668925 groggy.45057 > 208.151.115.193.netbios-ns: udp 68
> > 05:13:25.668957 groggy.45057 > 208.151.115.193.netbios-ns: udp 68
> > 05:13:25.699102 groggy.netbios-ns > 208.151.115.193.netbios-ns: udp 68
> > 05:13:25.699133 groggy.netbios-ns > 208.151.115.193.netbios-ns: udp 68
> > 05:13:25.808811 groggy.46773 > 208.151.115.193.netbios-ns: udp 68
> > <snip>
>
> > i don't use dhcp or anything like that ...
>
> Are you sure you're not running some other daemon which uses this
> service? Take a look with 'ps lax' and see what you get.
>
> Greg

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
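
A per-host summary of a capture in the format quoted in the message above, as an added example that is not part of the original thread. The sample lines are constructed in that format, and the names `parse` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the capture quoted above.
SAMPLE = """\
05:13:24.048994 209-193-28-245.adsl.jnu.acsalaska.net.netbios-ns > 208.151.115.193.netbios-ns: udp 68
05:13:24.168796 groggy.netbios-ns > 208.151.115.193.netbios-ns: udp 68
05:13:24.168828 groggy.netbios-ns > 208.151.115.193.netbios-ns: udp 68
05:13:24.308786 groggy.51488 > 208.151.115.193.netbios-ns: udp 68
<snip>
05:13:24.428758 groggy.46346 > 208.151.115.193.netbios-ns: udp 68
"""

# tcpdump UDP line in this format: "TIME src.port > dst.port: udp LEN".
# The port (a number or an /etc/services name) is the last dot-separated
# field of each endpoint; LEN is the UDP payload length in bytes.
LINE = re.compile(r"^(\S+) (\S+)\.([\w-]+) > (\S+)\.([\w-]+): udp (\d+)$")


def parse(line):
    """Return the fields of one capture line, or None if it does not match."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    ts, src, sport, dst, dport, length = m.groups()
    return {"ts": ts, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "len": int(length)}


def summarize(text):
    """Group packets by source host so the talkative sender stands out."""
    hosts = defaultdict(lambda: {"packets": 0, "sports": set(),
                                 "dests": set(), "lens": set()})
    for line in text.splitlines():
        p = parse(line)
        if p is None:  # skips "<snip>" markers and blank lines
            continue
        h = hosts[p["src"]]
        h["packets"] += 1
        h["sports"].add(p["sport"])
        h["dests"].add((p["dst"], p["dport"]))
        h["lens"].add(p["len"])
    return dict(hosts)


if __name__ == "__main__":
    for host, h in summarize(SAMPLE).items():
        print(host, h["packets"], "packets from ports", sorted(h["sports"]),
              "to", sorted(h["dests"]), "lengths", sorted(h["lens"]))
```
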