Crazy flying netbios packets
Samuel Gunnestad
samuel at nextel.no
Fri Sep 11 09:05:00 UTC 1998
On Thu, 3 Sep 1998, blast wrote:
> There is a very popular WWW log analysis program by the name of
> WebTrends. It is run on a Win32 platform and when processing
> GIGs of www access-logs, it will uni-cast for WINS resolution to
> every foreign IP if finds for WINS name resolution, fail,
> and then use DNS for resolution.
>
> My fear (uneducated on the matter) is that it is not WebTrends but
> Microsoft's gethostbyaddr() call which would mean that this type of
> crazy 137/udp WINS resolution traffic is more commonly mis-used than
> we think.
I agree.
As an ISP, we receive huge amounts of netbios traffic (which is blocked by our acl's and causes our logs to get pretty ugly).
The customer pays dearly for this "hack": as the telco bills the customer for every initial connection and also further use.
Most single-users get pretty upset when they receive a phone bill of $3000.
It's easy to fix if you have the knowledge about how, but most single-users don't.
(Port 137 packets denied yesterday: 30000+)
Samuel Gunnestad
Telenor Nextel
--
"If you park, don't drink, accidents cause people." - Confusius
More information about the NANOG
mailing list