LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Should I be worried about the NBNS broadcasts (https://www.linuxquestions.org/questions/linux-networking-3/should-i-be-worried-about-the-nbns-broadcasts-53056/)

_LR_ 04-02-2003 10:55 AM
Should I be worried about the NBNS broadcasts
 
Hi!

Are these packets something to be worried about or should i just ignore them?

I know my fw blocks these packages because it sends back a icmp
destination and port unreachable.
Last time i got hacked i know I saw a lot of these packages so i get a bad feeling everytime i see these incoming packets but im not even sure if it has something to do with it.
I get about 1 of these messages from different hosts in a minute for some hours now.


I have a windows box connected to this one which i use masquerading on.

Linux cooked capture
Packet type: Unicast to us (0)
Link-layer address type: 1
Link-layer address length: 6
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x7f8e
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 109
Protocol: UDP (0x11)
Header checksum: 0xc51e (correct)
Source: xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)
Destination: my.linux.box ip (my.linux.box ip)
User Datagram Protocol, Src Port: 12057 (12057), Dst Port: netbios-ns (137)
Source port: 12057 (12057)
Destination port: netbios-ns (137)
Length: 58
Checksum: 0x87d2 (correct)
NetBIOS Name Service
Transaction ID: 0x00ca
Flags: 0x0010 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...1 .... = Broadcast: Broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class inet
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: inet

Thanks in advance
LR

bentz 04-02-2003 02:01 PM
These broadcasts are very typical in a Windows environment. Each machine is broadcasting to eachother in order to keep the 'Network Neighborhood' listing up to date. According to Microsoft, if you are using all Windows 2000 and above machines on your network (Samba 2.x does not constitute 'Windows 2000 and above', Samba 3 will but is in beta) then you can disable netbios altogether and use DNS.

_LR_ 04-04-2003 04:52 PM
ok the only reason I started to wonder is that i know these are used inside my network but didnt know that they can send such packets to my lan from outside

sorry if it took a while for me to answer but thanks for the help i will disable netbios asap.

how 05-21-2003 09:25 PM
I am keep getting NBNS to my linux machine every second.
How do I stop it from NBNS query me? it is anoying once I found out.


All times are GMT -5. The time now is 12:53 AM.