Re: servers using netbios??

[Adam Langley <alangley@xxxxxxxxx>]

On 8/25/05, alien <alien51@xxxxxxxxxxxx> wrote:
> I'm totally confused by the following situation. My firewall is
> blocking some outgoing UDP connections from port 137 (netbios) to port
> 137. This has happened twice and both times the remote IP was of a Tor
> server. Netbios should not be going to the internet, my firewall did right.

I'm guessing that your running a Windows box and I'll say right off
that I don't really know what I'm talking about when it comes to
Windows.

But UDP netbios packets are involved with name resolution on windows.
Since your Tor server may well be looking up the names of Tor servers
quite often you can expect that their DNS will be down from time to
time. [1] says that netbios is used as a backup if DNS fails.

Quite how Windows knows where to send the packets if the DNS failed I
don't know (has it cached maybe), but MS protocol do a lot of crazy
stuff.

[1] http://support.microsoft.com/default.aspx?scid=kb;EN-US;172218

-- 
Adam Langley                                      agl@xxxxxxxxxxxxxxxxxx
http://www.imperialviolet.org                       (+44) (0)7906 332512
PGP: 9113   256A   CC0F   71A6   4C84   5087   CDA5   52DF   2CB6   3D60