Should I be worried about the NBNS broadcasts?
Hi!
Are these packets something to be worried about, or should I just ignore them?
I know my fw blocks these packets because it sends back an ICMP
destination and port unreachable.
Last time I got hacked I know I saw a lot of these packets, so I get a bad feeling every time I see these incoming packets, but I'm not even sure if it has something to do with it.
I get about 1 of these messages from different hosts in a minute for some hours now.
I have a Windows box connected to this one, which I use masquerading on.
Linux cooked capture
Packet type: Unicast to us (0)
Link-layer address type: 1
Link-layer address length: 6
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x7f8e
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 109
Protocol: UDP (0x11)
Header checksum: 0xc51e (correct)
Source: xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)
Destination: my.linux.box ip (my.linux.box ip)
User Datagram Protocol, Src Port: 12057 (12057), Dst Port: netbios-ns (137)
Source port: 12057 (12057)
Destination port: netbios-ns (137)
Length: 58
Checksum: 0x87d2 (correct)
NetBIOS Name Service
Transaction ID: 0x00ca
Flags: 0x0010 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...1 .... = Broadcast: Broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class inet
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: inet
Thanks in advance
LR
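
The dissection above shows an NBNS node status (NBSTAT) query for the wildcard name `*`, sent to UDP port 137. As an added example that is not part of the original post, this Python sketch parses such a UDP payload and flags that query type; the function names are hypothetical, and the sample bytes are constructed from the fields shown in the dump (transaction ID 0x00ca, flags 0x0010, one question), not taken from a real capture.

```python
import struct

NBSTAT = 0x0021                   # node status request type (RFC 1002)
WILDCARD = b"*" + b"\x00" * 15    # the 16-byte name shown in the dump

def decode_nb_name(encoded: bytes) -> bytes:
    """Undo first-level encoding: each name byte travels as two letters 'A'..'P'."""
    if len(encoded) != 32 or any(not 0x41 <= c <= 0x50 for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    return bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                 for i in range(0, 32, 2))

def parse_nbns_query(payload: bytes) -> dict:
    """Parse the UDP payload of a single-question NBNS packet."""
    if len(payload) < 50:
        raise ValueError("too short for an NBNS question")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    # Expect one question, a 32-byte name label and its zero terminator.
    if qdcount != 1 or payload[12] != 0x20 or payload[45] != 0x00:
        raise ValueError("unexpected question layout")
    qtype, qclass = struct.unpack("!2H", payload[46:50])
    return {
        "txid": txid,
        "response": bool(flags & 0x8000),
        "opcode": (flags >> 11) & 0xF,
        "broadcast": bool(flags & 0x0010),
        "name": decode_nb_name(payload[13:45]),
        "qtype": qtype,
        "qclass": qclass,
    }

def is_wildcard_nbstat(q: dict) -> bool:
    """True for the query seen in the dump: name query opcode, NBSTAT, name '*'."""
    return (not q["response"] and q["opcode"] == 0
            and q["qtype"] == NBSTAT and q["name"] == WILDCARD)

# Constructed sample: 50 bytes, matching UDP length 58 minus the 8-byte UDP header.
SAMPLE = (bytes.fromhex("00ca" "0010" "0001" "0000" "0000" "0000")
          + b"\x20" + b"CK" + b"A" * 30 + b"\x00"   # '*' -> "CK", 0x00 -> "AA"
          + bytes.fromhex("0021" "0001"))           # type NBSTAT, class inet

if __name__ == "__main__":
    q = parse_nbns_query(SAMPLE)
    print(q, "wildcard NBSTAT query:", is_wildcard_nbstat(q))
```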