[unisog] DNS queries from Windows clients for every udp/137 and udp/138 broadcast they hear?

Reg Quinton reggers at ist.uwaterloo.ca
Wed Sep 28 13:48:23 GMT 2005


> Each of the affected machines is sending a two DNS lookups for every
> UDP broadcast packet it hears involving NetBIOS ports 137 or 138.

WINS is ancient history pre W2K -- we all ought to disable NetBIOS over 
TCP/IP (that's called NBT) and not play that game any more. From the "WINS" 
tab of Advanced TCP/IP Properties disable it. See also

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q204279

That gets rid of all traffic on 137, 138 and 139 in favor of port 445.

BEWARE: you can do that on pretty much all systems. I suspect there may be 
an impact of Samba clients who might expect NBT (that's a guess ... I 
suspect pam_smb is really NBT and not really SMB on port 445).




More information about the unisog mailing list