[NCLUG] port monitorer
Michael Dwyer
mdwyer at sixthdimension.com
Mon Feb 19 09:48:57 MST 2001
> > I laughed at this at first (and still think it's funny), but then the
> > thought occured to me, "do winbloze boxes try to contact microsoft?"
> > Seriously, I'd be interested in knowing, and if so, why?
>
> I don't know how much they report back to Redmond Centre but they
> flood a network with SMB traffic (here I am at \\MACHINE stuff).
The Windows network naming system makes no distinction between
internet domain names and windows network names. So when a network
app asks for a name to be resolved, if it fails to resolve under DNS, it
will
use NetBIOS. Usually this means all the local machines on the subnet.
When you visit a site run on a Windows server, and it wants to do a
reverse lookup on you, it will often query you via windows naming,
too, so you will get NetBIOS requests from strange places...
Not malicious, but still kind of stupid.
But more and more, who knows? There are a number of programs
out there that regularly report on you using the internet. As much as I
think he's a kook, you might enjoy the tools and documents at Steve
Gibson's grc.com. Also, look into the free "ZoneAlarm".
(I was gonna make a "Hack the Gibson" joke, here, al la the movie
"Hackers", but I thought better of it...)
More information about the NCLUG
mailing list