(ASCEND) Re: NetBios Filters

To: ascend-users@max.bungi.com
Subject: (ASCEND) Re: NetBios Filters
From: "Dr. Wolfgang Beneicke" <beneicke@otto.mpimf-heidelberg.mpg.de>
Date: Tue, 07 Oct 1997 22:56:15 +0100
References: <199710070545.WAA28429@max.bungi.com>
Sender: owner-ascend-users@max.bungi.com

I just read the FAQ Kevin Smith mentioned for the description of NetBEUI
filters (http://www.ascend.com/faqs/750/786-faq.html) and it looks to me
that a long, long thread is going to start again in this list...

Basically it describes how to filter UDP traffic on ports 137-139. I've
tried that in the past (having a NT 3.51 workstation behind a P50) with
little success. As suggested on this list I even filtered TCP traffic on
these ports with the same effect. Strange, before joining the Ascend
list I always thought that Ethernet traffic in general and binary
matches in particular were deterministic actions, i.e. when I do exactly
what somebody else describes what I have to do to filter some sort of
traffic it would just work. I am not sure anymore ;->

Then I used the debug method to determine the packet that causes the
dial-out (debug mode/wdd). It looked like:

WD_DIALOUT_DISP: chunk 25B6DE type OLD-STYLE-PADDED.
: 44 octets @ 2864A8

00 C0 7B 5C DD A7      destination MAC
00 00 C0 D3 9D AD      source MAC
08 00                  type IP
45 00 00 2C 8B 54      ???
40 00 1F 06 13 B1      ???
FF D9 61 12            149.xxx.97.18  <NT host>
FF D9 30 02            149.xxx.48.2   <DNS name server>
06 C8 00 6E 2E CC      ???
4F 59 00 00            ???

I couldn't decode it fully but from the addresses I guessed it was a
WINS call to the name server, thus totally legal.
In contrast to the FAQ I think that configuring WINS is not causing
grief for NT users. WINS is comparable to DNS, it's a service you need
on the LAN. If you filter it you'll miss it. Of course, the local NT
machines should be listed in a local LMHOSTS file to reduce this kind of
traffic.

Still not happy with a call every 10 minutes I searched the MS
website/Knowledge Base for the dialup issue. I found two texts dealing
with NT browser lookups and Domain Controller lookups:

Information on Browser Operation
Article ID: Q102878
Revision Date: 24-SEP-1996

Browsing & Other Traffic Incur High Costs over ISDN Routers
Article ID: Q134985
Revision Date: 03-SEP-1996

In essence my trouble started when I connected to a NT domain and became
part of it. When I log off NT generates a list of all known domains the
NT workstation is part of and this causes a dial-out. Solution: I don't
log off anymore :-) 

And there are frequent browser updates and such associated with domain
membership as outlined in the first MS article. In the second MS article
I found registry keys which control the frequency of the updates. I
changed them from 10 minutes to 1 day and I can live with it now.

This "solution" does not impair NT browsing other than the browsing list
sometimes is 1 day old whereas with filtering I would not get any
browsing information. (Besides, filtering did never work for me, either
because I am too dumb to copy Ascend's FAQ or I mix up In and Out...)

Then somebody suggested using IP only. Of course you can transfer files
with an ftp client, you could mount NFS drives using 3rd party software,
you could even telnet into a NT box with additional software. But, alas,
there is one thing I experienced that will only work with NetBEUI
enabled. Sometimes the remote domain controller won't authenticate me.
For whatever reasons (mumble, mumble, "Your set of permissions do not
match the requested permissions..."), and sure next day it _will_ let me
in.
The workaround is to mount an NT drive in File Manager (via NetBEUI) -
the only place where NT will ask you for a username and password if it
thinks you are not authorized to come in the easy way. All other silent
logins (via RPC) will not ask but refuse the request. The eventlog for
example. So I keep NetBEUI alive, and sometimes it's only convenient to
mount a drive in File Manager.

Hope this makes the "NT filtering" thing a bit easier for all of us who
are suffering from MS operating systems. One day MS will give up NetBEUI
altogether in favor of IP and Ascend's users will be happy again. 

Sorry if this post got a bit longer.
 
Cheers, 
   Wolfgang

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
                         B  E  N  E  I  C  K  E
                               EDV-Beratung
________________________________________________________________________
        Netzwerk-Design - 3Com Solution Partner
           ISDN Remote Access - ASCEND Vertrieb
              DIGITAL PC-Systeme und Server
                 ApplePoint
                    Windows NT-Netzwerke
                       Unix Workstation-Peripherie

Dr. Wolfgang Beneicke                                 fon +49-6223-48126
Fasanenstrasse 16, D-69251 Gaiberg                     fax +49-6223-5708
...near world famous Heidelberg, Germany
_-_-_-_-_s-c_h-n_i-p_p_-_-_-_-_-_-_-_-_-_--_-_-_-_-_-_-_-_z-a_c-k_-_-_-_
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Follow-Ups:

Re: (ASCEND) Re: NetBios Filters

From: Jason Eggleston <jason@jet.net>

Prev by Date: Re: (ASCEND) Modem 7:8 bad last 8 calls
Next by Date: Re: (ASCEND) Re: T1 problems with Pipeline 130 and 5.1a
Prev by thread: (ASCEND) USR V.42bis problem update
Next by thread: Re: (ASCEND) Re: NetBios Filters
Index(es):
- Main
- Thread