nanog mailing list archives

Re: UDP port 137 Question
From: Eric Germann <ekgermann () cctec com>
Date: Wed, 07 Jan 1998 10:26:01 -0500

One interesting thing MS does is an extension of the resolver libraries.
For example, if I do a netstat -a to show all the connections on my server,
it will try and resolve the IP back to a name (reverse lookup via
in-addr.arpa).  However, the extension is:  If it can't resolve it via DNS,
it will attempt to look it up using NetBIOS name resolution lookups.  If
it's a Windoze environment (95, NT), the client will return its host name.

My guess on this one:  They're hitting an NT webserver configured to log
names, not IP addresses, in the log file and the client machines don't have
IN-ADDR.ARPA entries.  

Two other thoughts:

        1)      Keep IN-ADDR.ARPA up to date
        2)      Microsoft Internet Information Server only logs IP addresses,
                not names given the historical slowness of reverse lookups
                and sloppy maintenance.  I never understood why forward and
                reverse maps were decoupled in DNS, although I'm sure a good
                reason exists.  Process Software Purveyor logs by name (or
                did) and I'm not sure about Netscape's servers now.

My $0.02

Eric


At 02:24 PM 1/7/98 +0000, Paul Thornton wrote:

I noticed similar port 137 hits a while back, and after a bit of
investigating discovered that every time a colleague visited a web site
(using Netscape, incidentally) the server sent a port 137 request back to
the client PC.

Initially I thought this was a "helpful" MS extension in their server, but
have since seen port 137 hits from their nameservers as well.  This probably
points to some interesting name lookups going on at their end, which results
in a NetBIOS name lookup being sent back.  Somewhere I have the address of
the server in question - I'll dig it out if there is interest.  If nothing
else, their hit count will go up ;-)

Paul

--
Paul Thornton, Network Engineer, London Internet Exchange Ltd.
Tel: 07000 783797   Mobile: +44 467 372205



================================================================================
Eric Germann                            Computer and Communications Technologies
ekgermann () cctec com                  Van Wert, OH 45891
                                        Phone:  419 968 2640
http://www.cctec.com                    Fax:    419 968 2641

Network Design, Connectivity & System Integration Services 
A Microsoft Solution Provider                                   
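
An added example, not part of the original post: a small classifier for UDP port 137 payloads that separates the server-to-client "who are you?" lookup described above from ordinary NetBIOS name queries. It assumes the lookup arrives as an RFC 1002 node status request (type 0x0021) for the wildcard name "*"; the function names and both sample packets are constructed for illustration.

```python
import struct

NBSTAT, NB, IN = 0x0021, 0x0020, 0x0001  # RFC 1002 question types and class

def encode_nb_name(raw16: bytes) -> bytes:
    """RFC 1001 first-level encoding: each nibble is sent as 'A' + nibble."""
    return bytes(b for c in raw16 for b in (0x41 + (c >> 4), 0x41 + (c & 0xF)))

def decode_nb_name(enc: bytes) -> bytes:
    if len(enc) != 32 or any(not 0x41 <= b <= 0x50 for b in enc):
        raise ValueError("not a first-level encoded NetBIOS name")
    return bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))

def build_question(txid: int, flags: int, raw16: bytes, qtype: int) -> bytes:
    """Build a constructed sample question packet (header + one question)."""
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    return header + b"\x20" + encode_nb_name(raw16) + b"\x00" + struct.pack("!2H", qtype, IN)

def classify_nbns(payload: bytes) -> dict:
    """Classify one UDP/137 payload; raises ValueError if it is malformed."""
    if len(payload) < 50:  # 12 header + 1 length + 32 name + 1 terminator + 4 type/class
        raise ValueError("too short for an NBNS question")
    txid, flags, qdcount = struct.unpack("!3H", payload[:6])
    if payload[12] != 0x20 or payload[45] != 0x00:
        raise ValueError("unexpected name length, or a scoped name (not handled here)")
    name = decode_nb_name(payload[13:45])
    qtype, qclass = struct.unpack("!2H", payload[46:50])
    is_query = (flags & 0x8000) == 0 and ((flags >> 11) & 0xF) == 0 and qdcount == 1
    return {
        "txid": txid,
        "name": name[:15].rstrip(b"\x00 ").decode("latin-1"),
        "suffix": name[15],
        "qtype": qtype,
        # Node status request for the wildcard name: "who are you?" sent to one IP.
        "node_status_probe": is_query and qtype == NBSTAT and qclass == IN and name[:1] == b"*",
    }

# Constructed samples, not captured traffic.
SAMPLE_STATUS = build_question(0x1234, 0x0000, b"*" + b"\x00" * 15, NBSTAT)
SAMPLE_NAME = build_question(0x1235, 0x0110, b"FILESRV".ljust(15) + b"\x20", NB)

if __name__ == "__main__":
    for pkt in (SAMPLE_STATUS, SAMPLE_NAME):
        print(classify_nbns(pkt))
```

Feed it the UDP payload of each port 137 packet seen at the border; packets flagged node_status_probe that follow an outbound web request match the behaviour discussed in this thread.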

