From: Thomas Ribbrock (emgaron at domain gmx.net)
Date: Sat 18 Sep 1999 - 14:40:28 IST

On Sat, Sep 18, 1999 at 02:08:49PM +0100, Kenn Humborg wrote:
> I've heard that IIS often does netbios lookups on the connecting machine. It
> probably does some funny, proprietary type of authentication if the client
> is running Windows.
Judging from the cookies I get (ASPSESSION=...), at least Bord Failte is
running IIS.
> If you want to see what's in the packets, use tcpdump:
>
> # tcpdump -i ppp0 port 137 -s 1000
Bingo!
[root@angua /root]# /usr/sbin/tcpdump -i ppp0 port 137 -s 1000
tcpdump: listening on ppp0
14:36:15.830895 bf-web.bord-failte.iol.ie.netbios-ns > ts01-176.limerick.indigo.ie.netbios-ns: udp 50
14:36:16.720879 bf-web.bord-failte.iol.ie.netbios-ns > ts01-176.limerick.indigo.ie.netbios-ns: udp 50
14:36:18.210854 bf-web.bord-failte.iol.ie.netbios-ns > ts01-176.limerick.indigo.ie.netbios-ns: udp 50
Looks like I'll have to write those folks to set up their web server
properly...
Next step: I'll try to find out whether all the other hosts I got these
connections from could be something similar.
Thanks!
Thomas
--
-----------------------------------------------------------------------------
Thomas Ribbrock http://www.bigfoot.com/~kaytan ICQ#: 15839919
"You have to live on the edge of reality - to make your dreams come true!"
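
Added example, not part of the original message: a 50-byte UDP payload on port 137 is the size of a single-question NetBIOS name service query (12-byte header, 34-byte encoded name, 4 bytes of type and class), and the sketch below decodes one so the queried name and query type can be read. The sample datagram is constructed here, not taken from the capture above, and the function names are hypothetical.

```python
import struct

QTYPES = {0x0020: "NB", 0x0021: "NBSTAT"}  # name query / node status (RFC 1002)

def encode_name(name: bytes) -> bytes:
    """First-level encoding: each byte of the 16-byte name becomes two letters A-P.
    NUL padding is what the wildcard name uses; ordinary names are space padded."""
    padded = name.ljust(16, b"\x00")[:16]
    body = bytes(c for b in padded for c in (0x41 + (b >> 4), 0x41 + (b & 0x0F)))
    return b"\x20" + body + b"\x00"

def decode_name(field: bytes) -> tuple:
    """Reverse the encoding; returns (name, suffix byte)."""
    if len(field) != 32 or any(not 0x41 <= c <= 0x50 for c in field):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((field[i] - 0x41) << 4) | (field[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].rstrip(b" \x00").decode("ascii", "replace"), raw[15]

def parse_nbns_question(payload: bytes) -> dict:
    """Decode the header and first question of a NetBIOS name service datagram."""
    if len(payload) < 50:
        raise ValueError("shorter than header + one question")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    if qdcount < 1 or payload[12] != 0x20 or payload[45] != 0x00:
        raise ValueError("no question, or name uses a scope ID / pointer")
    name, suffix = decode_name(payload[13:45])
    qtype, qclass = struct.unpack("!2H", payload[46:50])
    return {
        "txid": txid,
        "is_response": bool(flags & 0x8000),   # top bit set on replies
        "opcode": (flags >> 11) & 0x0F,        # 0 = query
        "broadcast": bool(flags & 0x0010),
        "name": name,
        "suffix": suffix,
        "qtype": QTYPES.get(qtype, hex(qtype)),
        "qclass": qclass,
    }

# Constructed sample (not captured from the thread): a unicast node status
# request for the wildcard name "*", which is exactly 50 bytes long.
SAMPLE = (struct.pack("!6H", 0x1234, 0x0000, 1, 0, 0, 0)
          + encode_name(b"*") + struct.pack("!2H", 0x0021, 0x0001))

if __name__ == "__main__":
    print(len(SAMPLE), parse_nbns_question(SAMPLE))
```

To look at real traffic the same way, the raw bytes can be shown by adding -x to the tcpdump command quoted above.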