[14563] in North American Network Operators' Group
Re: UDP port 137 Question
daemon@ATHENA.MIT.EDU (Eric Germann)
Wed Jan 7 10:35:14 1998
Date: Wed, 07 Jan 1998 10:26:01 -0500
To: Paul Thornton <prt@linx.net>
From: Eric Germann <ekgermann@cctec.com>
Cc: "C. Jon Larsen" <jlarsen@ford.ajtech.com>, nanog@merit.edu
In-Reply-To: <Pine.GSO.3.93.980107141815.3822A-100000@london.linx.net>
One interesting thing MS does is an extension of the resolver libraries.
For example, if I do a netstat -a to show all the connections on my server,
it will try and resolve the IP back to a name (reverse lookup via
in-addr.arpa). However, the extension is: If it can't resolve it via DNS,
it will attempt to look it up using NetBIOS name resolution lookups. If
its a Windoze environment (95, NT), the client will return its host name.
My guess on this one: Their hitting an NT webserver configured to log
names, not IP addresses, in the log file and the client machines don't have
IN-ADDR.ARPA entries.
Two other thoughts:
1) Keep IN-ADDR.ARPA up to date
2) Microsoft Internet Information Server only logs IP addresses, not names
given the historical slowness of reverse lookups and sloppy maintenance.
I never understood why forward and reverse maps were decoupled in DNS,
although I'm sure a good reason exists. Process Software Purveyor logs
by name (or did) and I'm not sure about Netscape's servers now.
My $0.02
Eric
At 02:24 PM 1/7/98 +0000, Paul Thornton wrote:
>
>I noticed similar port 137 hits a while back, and after a bit of
>investigating discovered that every time a colleague visited a web site
>(using Netscape, incidentally) the server sent a port 137 request back to
>the client PC.
>
>Initially I thought this was a "helpful" MS extension in their server, but
>have since seen port 137 hits from their nameservers as well. This probably
>points to some interesting name lookups going on at there end, which results
>in a NetBIOS name lookup being sent back. Somewhere I have the address of
>the server in question - I'll dig it out if there is interest. If nothing
>else, their hit count will go up ;-)
>
>Paul
>
>--
>Paul Thornton, Network Engineer, London Internet Exchange Ltd.
>Tel: 07000 783797 Mobile: +44 467 372205
>
============================================================================
====
Eric Germann Computer and Communications Technologies
ekgermann@cctec.com Van Wert, OH 45891
Phone: 419 968 2640
http://www.cctec.com Fax: 419 968 2641
Network Design, Connectivity & System Integration Services
A Microsoft Solution Provider
