nmbd sends SYN packet to external Network address

Simo Sorce simo.sorce at xsec.it
Fri Sep 13 07:32:01 GMT 2002 

Clearly the machine with IP 10.53.5.12 ask you for a machine with name
59345424260<20> your server does not know anyhing about it and as you
have some config parm that make the nmbd try to proxy the request to the
DNS, then it try to resolve it and get back that answer.

In the end the problem is to be located on the 10.53.5.12 ip address
machine if you do not have such netbios name on your lan.

Simo.

On Fri, 2002-09-13 at 08:18, Andreas Moroder wrote:
> Hello all,
> 
> i looked into the nmb.log of my wins server ( samba 1.9.7 on HP-UX ) and found
> the following lines
> 
> wins_process_name_query: name query for name 59345424260<20> from IP 10.53.5.12
> wins_process_name_query: name query for name 59345424260<20> not found - doing d
> ns lookup.
> added DNS query for 59345424260<20>
> add_dns_result: DNS gave answer for 59345424260 of 209.67.79.132
> add_name_to_subnet: Added netbios name 59345424260<20> with first IP 209.67.79.1
> 32 ttl=7200 nb_flags= 4 to subnet WINS_SERVER_SUBNET
> DNS calling send_wins_name_query_response
> 
> Does this happen ?
> - my server 10.53.5.12 tries to resolve the name 59345424260
> - the wins server gives him a external address 209.67.79.1 as answer 
> ( with nslookup 59345424260 does NOT resolve, so I don't know where the address
> comes from )
> - my server tries to contact the address
> - my pix stops this packets and logs the error.
> 
> Now my big question, why does my server try to resolve this strange name ?
> Can it be a PC that was in our net with this name and now is no more here ?
> 
> Thanks 
> Andreas
> 
> 
> Zitiere Volker.Lendecke at SerNet.DE:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > > it tries to send at the ports 139 and 445
> > 
> > Wie schon auf der Liste geantwortet wurde, will der nmbd bestimmt
> > seine Browse Listen synchronisieren. Das tut er immer mit dem Domain
> > Master Browser, der bei echtem NT immer auf dem PDC läuft. Kann es so
> > etwas sein?
> > 
> > Volker
> > 
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.6 (GNU/Linux)
> > Comment: Key-ID ADE377D8, Fingerprint available: phone +49 551 3700000
> > 
> > iD8DBQE9gJ3EZeeQha3jd9gRAkS/AJ9kizxRkMiMFag53dX7PO0PBW4uRgCfVvEU
> > GI7LBgznRxtxUjGkH70Dt4o=
> > =OmVu
> > -----END PGP SIGNATURE-----
> > 
> > 
> 
> 
> 
> --------------------------------------------------------
> Dr. Andreas Moroder
> Sanitätsbetrieb Brixen - Azienda Sanitaria di Bressanone
>    www.sb-brixen.it    -      www.as-bressanone.it
-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20020913/b5944388/attachment.bin

More information about the samba-technical mailing list