Re: NBNS (Netbios) storm, how to prevent?
From: Phillip Windell (_at_.)
Date: 01/31/05
- Next message: James C. Hill: "Linux has access to all my drives!"
- Previous message: Mike: "2000 Server"
- In reply to: Andy: "Re: NBNS (Netbios) storm, how to prevent?"
- Next in thread: Andy: "Re: NBNS (Netbios) storm, how to prevent?"
- Reply: Andy: "Re: NBNS (Netbios) storm, how to prevent?"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 31 Jan 2005 13:43:24 -0600
<Andy> wrote in message news:%23W16BT8BFHA.1524@TK2MSFTNGP09.phx.gbl...
> From this I am unable to work out in what way NBNS are directed.
I can make it simpler.
When something is Broadcasted it is sent to the subnet's broadcast address.
If the network was 192.168.1.0/24 then that address would be 192.168.1.255.
All hosts on the subnet respond to it if the "payload" is valid for them.
When something is Directed it is sent specifically to the destination it is
meant for. Only the one host possessing the target address will respond, all
other hosts ignore it.
> Call me paranoid but I would like to have something in place that would
> prevent my network being affected even if the same problem re - occurs on
> the Music (other) network.
If I have not confused my acronyms (which happens sometimes), this is a
NetBios Name Server query packet. In other words a WINS Server query. The
packet,.. because it is directed,.. will always reach the destination
network belonging to that address no matter how many routers and switches
are in the way,..even if the actual target WINS Server doesn't exist.
So the solution is to stop the originating Host (the Linux machine) from
querying the WINS Server in the first place. In Linux, I suspect, this is an
SMB/Samba "thing". That is about all I can tell you about that,..Linux is
not my "area".
You could block this with ACL's on a Router if these are infact on
different subnets with a Router between them,...however doing so can cause
other problems. Blocking it only "hides" the problem,..it doesn't solve it.
Blocking it will also not prevent it from causing problems on the "Music"
subnet and they will still be screaming for you to fix it.
-- Phillip Windell [MCP, MVP, CCNA] www.wandtv.com
- Next message: James C. Hill: "Linux has access to all my drives!"
- Previous message: Mike: "2000 Server"
- In reply to: Andy: "Re: NBNS (Netbios) storm, how to prevent?"
- Next in thread: Andy: "Re: NBNS (Netbios) storm, how to prevent?"
- Reply: Andy: "Re: NBNS (Netbios) storm, how to prevent?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
