Win32 gethostbyaddr() does NetBIOS query?
Christopher R. Hertel
crh at NTS.Umn.EDU
Fri Oct 2 06:18:56 GMT 1998
On a different mailing list, the suggestion was posted that the Windows
version of gethostbyaddr() will send a NetBIOS query to the address to try
and get the NetBIOS name before doing a DNS lookup. A few folks have
written in to support this claim with empirical evidence (no sniffer
traces yet, I'm 'fraid).
This seems really wrong to me. (They'd *never* do that, would they?)
There is evidence at our border, however, which suggests differently. We
filter out all inbound NetBIOS traffic. 99% of the NetBIOS-related
packets that we drop are for UDP/137. We are trying to get a better
understanding of what this means. How much is malicious, how much is
reckless cluelessness, and how much is Microsoft.
Does anyone know anything about this?
Chris -)-----
--
Christopher R. Hertel -)----- University of Minnesota
crh at nts.umn.edu Networking and Telecommunications Services
More information about the samba-technical
mailing list