RE: [cobalt-users] RE: Blocking Bad Win2k DNS Servers
- Subject: RE: [cobalt-users] RE: Blocking Bad Win2k DNS Servers
- From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
- Date: Wed Jan 23 01:48:53 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
David Lucas wrote:
> I have dns on my Raq turned off. I am not serving my own
> dns. I still get queries and log entries.
But not reported by the named process, right?
> I do not see outside queries to my logs, but I do see entries
> from the internal network. The W2K and NT4 machines are
> basically hitting with a port 137 entry for all but one which
> is hitting 138. Thus netbios. I have a Compaq Win98 machine
> that is hitting port 2301 which is some Compaq thing. I see
> these in the kernel log. Where are you seeing the dns log
> entries?
This is almost all broadcast traffic.
Windows servers (any flavour) spend an awfully large amount of time sending
broadcast traffic to their local broadcast network address saying "I'm a
Windows server! I'm a Windows server! I'm a Windows server! And here's my
machine name and NetBIOS domain!", which is (in a nutshell) how the Windows
Network Neighborhood works.
Compaq machines often have a Compaq RILO (Remote Insight Lights-Out)
management board, which spends a significant amount of its operation
shouting "Here I am, I'm a RILO card!" so that an Insight Management station
on the same network can then pick them up and control them.
Unless your Cobalt is sitting on a perfectly quiet VLAN on its own, you're
gonna see this traffic.
You can safely ignore this lot - tweak your firewall ruleset to just drop
the packets, don't log them.
Graeme
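
Added example, not part of the original message: before adding a silent drop rule for this chatter, a log triage like the one below confirms that the entries really are local broadcasts to the ports named in the thread (137, 138, 2301) and keeps everything else visible. The iptables-LOG-style line format, the 192.168.1.0/24 subnet and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Destination ports the thread names as local chatter.
NOISE_PORTS = {137: "netbios-ns", 138: "netbios-dgm", 2301: "compaq-mgmt"}
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed internal subnet
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

# Constructed sample lines (iptables LOG style), not taken from the thread.
SAMPLE_LOG = """\
Jan 23 01:40:01 raq kernel: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.255 PROTO=UDP SPT=137 DPT=137
Jan 23 01:40:02 raq kernel: IN=eth0 OUT= SRC=192.168.1.21 DST=192.168.1.255 PROTO=UDP SPT=138 DPT=138
Jan 23 01:40:03 raq kernel: IN=eth0 OUT= SRC=192.168.1.30 DST=255.255.255.255 PROTO=UDP SPT=2301 DPT=2301
Jan 23 01:40:09 raq kernel: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.255 PROTO=UDP SPT=137 DPT=137
Jan 23 01:40:11 raq kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.10 PROTO=TCP SPT=40000 DPT=23
Jan 23 01:40:12 raq kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.10 PROTO=UDP SPT=1029 DPT=137
Jan 23 01:40:15 raq kernel: eth0: link up
"""

def classify(line, net=LOCAL_NET):
    """Return ("noise", label) or ("review", summary); None for non-packet lines."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "DST"} <= f.keys():
        return None
    src, dst = ipaddress.ip_address(f["SRC"]), ipaddress.ip_address(f["DST"])
    port = int(f["DPT"]) if "DPT" in f else None  # ICMP lines carry no DPT
    broadcast = dst in (net.broadcast_address, LIMITED_BROADCAST)
    # Only local-source broadcasts to the known ports are safe to drop silently.
    if src in net and broadcast and port in NOISE_PORTS:
        return ("noise", NOISE_PORTS[port])
    return ("review", f"{f.get('PROTO', '?')}/{port} from {src} to {dst}")

def triage(text, net=LOCAL_NET):
    """Count droppable chatter per service and list everything else."""
    noise, review = Counter(), []
    for line in text.splitlines():
        result = classify(line, net)
        if result is None:
            continue
        verdict, detail = result
        if verdict == "noise":
            noise[detail] += 1
        else:
            review.append(detail)
    return noise, review
```

Calling `triage(SAMPLE_LOG)` returns the per-service counts of droppable broadcasts and the list of entries that should stay logged, including the unicast port-137 packet from an outside source.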