Crazy flying netbios packets

• Previous message (by thread): Crazy flying netbios packets
• Next message (by thread): Crazy flying netbios packets
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 3 Sep 1998, blast wrote:
> There is a very popular WWW log analysis program by the name of 
> WebTrends.  It is run on a Win32 platform and when processing 
> GIGs of www access-logs, it will uni-cast for WINS resolution to 
> every foreign IP if finds for WINS name resolution, fail, 
> and then use DNS for resolution.  
> 
> My fear (uneducated on the matter) is that it is not WebTrends but 
> Microsoft's gethostbyaddr() call which would mean that this type of 
> crazy 137/udp WINS resolution traffic is more commonly mis-used than
> we think.  

I agree.
As an ISP, we receive huge amounts of netbios traffic (which is blocked by our acl's and causes our logs to get pretty ugly).
The customer pays dearly for this "hack": as the telco bills the customer for every initial connection and also further use.
Most single-users get pretty upset when they receive a phone bill of $3000.
It's easy to fix if you have the knowledge about how, but most single-users don't.

(Port 137 packets denied yesterday: 30000+)

Samuel Gunnestad
Telenor Nextel

--

"If you park, don't drink, accidents cause people." - Confusius

• Previous message (by thread): Crazy flying netbios packets
• Next message (by thread): Crazy flying netbios packets
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]