Firewall Wizards mailing list archives

Re: RE: Help w/ Port 137 Traffic

From: Richard Sharpe <rsharpe () ns aus com>
Date: Tue, 15 Oct 2002 05:41:11 +0930 (CST)

On Mon, 14 Oct 2002, Mikael Olsson wrote:



Bill Royds wrote:


The netbios Name query/response packets are in the same format as DNS 
query/response packets, just on port 137 instead of 53


*ding*

They're not even remotely related.

Do a dump of a netbios name query and you'll see a string like
"IJDFYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
where each letter is one nibble (4 bits), plus 'A' (which means
that each "AA" pair is in fact a representation of NUL.)

Do a dump of a DNS query and you'll see a string like
"www.bustyvixens.com" umm .. ^H^H^H^H^H^H^H^H^H^H^H^Hmicrosoft.com"


Hmmm, I don't want to make a lot of game-show like noises, but there are 
similarities between DNS requests and NetBIOS name requests, however, the 
RFC1001/RFC1002 people did choose a really weird encoding for names.

For more information on NetBIOS name requests, I would suggest that you 
look at the excellent documentation at ubiqx.org/cifs.

Regards
-----
Richard Sharpe, rsharpe () ns aus com, rsharpe () samba org, 
sharpe () ethereal com, http://www.richardsharpe.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

RE: Help w/ Port 137 Traffic, (continued)
- RE: Help w/ Port 137 Traffic Mike McCandless (Oct 13)
  - RE: RE: Help w/ Port 137 Traffic Stefan Norberg (Oct 13)
    - RE: RE: Help w/ Port 137 Traffic Frank Knobbe (Oct 13)
    - RE: RE: Help w/ Port 137 Traffic Stefan Norberg (Oct 14)
  - Re: RE: Help w/ Port 137 Traffic R. DuFresne (Oct 13)
    - Re: RE: Help w/ Port 137 Traffic Devdas Bhagat (Oct 14)
    - Re: RE: Help w/ Port 137 Traffic R. DuFresne (Oct 14)
    - Re: RE: Help w/ Port 137 Traffic Luca Berra (Oct 14)
    - RE: RE: Help w/ Port 137 Traffic Bill Royds (Oct 14)
    - Re: RE: Help w/ Port 137 Traffic Mikael Olsson (Oct 14)
    - Re: RE: Help w/ Port 137 Traffic Richard Sharpe (Oct 14)
    - Re: RE: Help w/ Port 137 Traffic Mikael Olsson (Oct 14)
    - Re: RE: Help w/ Port 137 Traffic Richard Sharpe (Oct 14)
    - Re: RE: Help w/ Port 137 Traffic R. DuFresne (Oct 14)
- RE: RE: Help w/ Port 137 Traffic Bill Royds (Oct 14)
- Re: RE: Help w/ Port 137 Traffic Miha Vitorovic (Oct 14)
- Re: RE: Help w/ Port 137 Traffic Miha Vitorovic (Oct 14)