Re: NBNS (Netbios) storm, how to prevent?

Tech-Archive recommends: Speed Up your PC by fixing your registry

Andy
Date: 01/31/05 

Date: Mon, 31 Jan 2005 21:28:29 -0000

"Phillip Windell" <@.> wrote in message
news:uDp1h08BFHA.3524@TK2MSFTNGP15.phx.gbl...
> <Andy> wrote in message news:%23W16BT8BFHA.1524@TK2MSFTNGP09.phx.gbl...
> > From this I am unable to work out in what way NBNS are directed.
>
> I can make it simpler.
>
> When something is Broadcasted it is sent to the subnet's broadcast
address.
> If the network was 192.168.1.0/24 then that address would be
192.168.1.255.
> All hosts on the subnet respond to it if the "payload" is valid for them.
>
> When something is Directed it is sent specifically to the destination it
is
> meant for. Only the one host possessing the target address will respond,
all
> other hosts ignore it.
>
> > Call me paranoid but I would like to have something in place that would
> > prevent my network being affected even if the same problem re - occurs
on
> > the Music (other) network.
>
> If I have not confused my acronyms (which happens sometimes), this is a
> NetBios Name Server query packet. In other words a WINS Server query.
The
> packet,.. because it is directed,.. will always reach the destination
> network belonging to that address no matter how many routers and switches
> are in the way,..even if the actual target WINS Server doesn't exist.
>
> So the solution is to stop the originating Host (the Linux machine) from
> querying the WINS Server in the first place. In Linux, I suspect, this is
an
> SMB/Samba "thing". That is about all I can tell you about that,..Linux is
> not my "area".
>
> You could block this with ACL's on a Router if these are infact on
> different subnets with a Router between them,...however doing so can cause
> other problems. Blocking it only "hides" the problem,..it doesn't solve
it.
> Blocking it will also not prevent it from causing problems on the "Music"
> subnet and they will still be screaming for you to fix it.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>

We are on the same physical subnet but differnet logical subnet.

However the music network can be completley isolated from ours quite easily,
I've done it! so ACLs on a router is another approach. Linux isn't my area
either but I am told that this is a Samba issue and this definitley isn't my
area!

Thanks for the post. Much appreciated.
Will post back what we go for and how well it does or doesn't work!

Andy.

Relevant Pages

  • Re: NBNS (Netbios) storm, how to prevent?
    ... > When something is Broadcasted it is sent to the subnet's broadcast ... In other words a WINS Server query. ... > different subnets with a Router between them,...however doing so can cause ... We are on the same physical subnet but differnet logical subnet. ...
    (microsoft.public.windows.server.networking)
  • Re: Detecting host in the local network
    ... reachable using a router ... reachable only using broadcast. ... the same subnet as the host where your program is running OR NOT. ... is decide if the target device is on the same subnet or not. ...
    (microsoft.public.windowsce.embedded)
  • Re: Detecting host in the local network
    ... to communicate with unicast. ... Send a broadcast request that has a "reply broadcast" ... using any router. ... the same subnet as the host where your program is running OR NOT. ...
    (microsoft.public.windowsce.embedded)
  • Re: TCP/IP Urgent help
    ... >> coneect to them in the same subnet. ... >> subnet and connect between them using router, or there is no any Problems ... >> because of Broadcast, if so, and if i made each company to work with its ... > You would set up a server in the head office running DNS (and possibly WINS ...
    (microsoft.public.windowsxp.network_web)
  • Re: Simple netmask question, could some one please answer this question for me.
    ... a different subnet per tunner. ... Address: 172.16.0.2 Netmask: 255.255.255.128 ... Set your router to be 172.16.0.1 ... broadcast address: 172.16.0.255 ...
    (comp.dcom.vpn)