On Mon, 25 Oct 1999, Chad Glendenin wrote:
> i set up ipchains on my masquerade box to log any rejected packets. i was
> browsing the logs, and i noticed that about once every hour to
> hour-and-a-half, ipchains is rejecting incoming packets from IP addresses in
> the 169.254.0.0/255.255.0.0 network, on ports 137 and 138. why would
> anybody outside yale's 130.132.x.x network be trying to talk to my machine
> on the netbios ports? i am not running a samba server. what's going on
> here?

169.254.0.0 is the fake class-B range used by Microsoft's (and now some
other vendors') 'autonet' feature -- automatic IP configuration without
administrative intervention. The idea is that if you have a private
network, you can just set up a bunch of Windows 98 boxes on it (for
example), and they'll automatically negotiate IP addresses in this private
range among themselves (by, I think, choosing one randomly, ARPing to see
if it's used, and then using it).

People here will end up using addresses in 169.254.0.0 if they haven't yet
'registered' their connections, a process that informs the central DHCP
server that they're valid hosts. Without this 'registration', the
machines don't see a DHCP server and therefore invoke autonet.

It seems more likely, by the way, that you're getting the packets as
broadcasts; if you're not running Samba, I doubt any Windows machines are
trying to access your host specifically. The Windows machine is probably
doing a broadcast-based name resolution or participating in the
browse-master election process.

Shawn
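
As an added example (not part of the original messages): a Python triage script for the kind of ipchains log entries discussed in this thread, separating autonet-sourced NetBIOS broadcasts from packets aimed at a specific host. The regex follows the ipchains packet-log line layout; the sample lines, the hostname `gw`, the individual addresses and the /24 subnet size are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# ipchains "-l" line layout:
# Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ...
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # autonet range from the thread
NETBIOS_UDP = {137, 138}                             # ports named in the thread
LOCAL_NET = ipaddress.ip_network("130.132.1.0/24")   # assumption: subnet size is made up

# Constructed sample log lines (not taken from the original poster's logs).
SAMPLE = [
    "Oct 25 14:02:11 gw kernel: Packet log: input REJECT eth0 PROTO=17 169.254.17.3:137 130.132.1.255:137 L=78 S=0x00 I=4096 F=0x0000 T=128 (#4)",
    "Oct 25 14:02:12 gw kernel: Packet log: input REJECT eth0 PROTO=17 169.254.17.3:138 130.132.1.255:138 L=229 S=0x00 I=4097 F=0x0000 T=128 (#4)",
    "Oct 25 15:20:40 gw kernel: Packet log: input REJECT eth0 PROTO=17 169.254.90.12:137 130.132.1.40:137 L=78 S=0x00 I=511 F=0x0000 T=128 (#4)",
    "Oct 25 15:31:02 gw kernel: Packet log: input REJECT eth0 PROTO=6 203.0.113.9:4021 130.132.1.40:23 L=44 S=0x00 I=900 F=0x0000 T=52 (#4)",
]


def classify(line, local_net=LOCAL_NET):
    """Return a dict describing one packet-log line, or None if it does not parse."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    # Directed broadcast for the local subnet, or the limited broadcast address.
    broadcast = dst == local_net.broadcast_address or str(dst) == "255.255.255.255"
    autonet = src in LINK_LOCAL
    netbios = int(m["proto"]) == 17 and int(m["dport"]) in NETBIOS_UDP
    if autonet and netbios:
        verdict = "autonet NetBIOS broadcast" if broadcast else "autonet NetBIOS unicast"
    else:
        verdict = "other"
    return {"src": str(src), "dst": str(dst), "dport": int(m["dport"]),
            "broadcast": broadcast, "verdict": verdict}


def summarize(lines, local_net=LOCAL_NET):
    """Count verdicts over all lines that parse as packet logs."""
    results = (classify(line, local_net) for line in lines)
    return Counter(r["verdict"] for r in results if r is not None)


if __name__ == "__main__":
    for verdict, count in summarize(SAMPLE).items():
        print(f"{count:3d}  {verdict}")
```

Entries counted as "autonet NetBIOS unicast" are the ones worth a closer look, since they were addressed to a specific host rather than to the subnet broadcast address.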