Ascend Archive

Re: (ASCEND) Re: NetBios Filters



Here is my contribution to controlling the line bring up problem.
The clients I have applied these to ARE NOT using TCP Microsoft 
Networking, on their local LAN, TCP is only for Internet use, I have 
always disabled the bindings for Microsoft TCP networking.
Hope this may help.

************************
In NT
Network: TCP/IP Protocol (Properties): WINS Address
Disable DNS for Windows Resolution

************************
http://www.microsoft.com/kb/articles/q137/3/68.htm
----- Microsoft's DNS Bug Information

Microsoft Knowledge Base
How to Disable NetBIOS Name Resolution on DNS
Last reviewed: May 1, 1997
Article ID: Q137368

The information in this article applies to: Microsoft Windows 95

IMPORTANT: This article contains information about editing the
registry. Before you edit the registry, you should first make a
backup copy of the registry files (System.dat and User.dat). Both are
hidden files in the Windows folder.

SUMMARY
This article describes how to disable NetBIOS name resolution on a
domain-name system (DNS) while retaining other DNS functionality.

MORE INFORMATION
When Windows 95 tries to resolve a NetBIOS name using a NetBIOS name
server, it first checks a Windows Internet Name Service (WINS)
server, and then checks a DNS server.

WARNING: Using Registry Editor incorrectly can cause serious problems
that may require you to reinstall Windows 95. Microsoft cannot
guarantee that problems resulting from the incorrect use of Registry
Editor can be solved. Use Registry Editor at your own risk.

NOTE: For information about how to edit the registry, view the
Changing Keys And Values online Help topic in Registry Editor
(Regedit.exe). Note that you should make a backup copy of the
registry files (System.dat and User.dat) before you edit the registry.

To disable NetBIOS name resolution on a DNS server, change the string
value EnableDNS in the registry key

     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP

from 1 to 0.

************************
An ascend filter that was passed on to me that may help:

     START=FILT=200=0
     Name=Windows Call
     In filter 01...Valid=Yes
     Out filter 01...Valid=Yes
     Out filter 01...Type=IP
     Out filter 01...Ip...Protocol=17
     Out filter 01...Ip...Src Port Cmp=Eql
     Out filter 01...Ip...Src Port #=137
     Out filter 01...Ip...Dst Port Cmp=Eql
     Out filter 01...Ip...Dst Port #=137
     Out filter 02...Valid=Yes
     Out filter 02...Type=IP
     Out filter 02...Ip...Protocol=17
     Out filter 02...Ip...Src Port Cmp=Eql
     Out filter 02...Ip...Src Port #=138
     Out filter 02...Ip...Dst Port Cmp=Eql
     Out filter 02...Ip...Dst Port #=138
     Out filter 03...Valid=Yes
     Out filter 03...Type=IP
     Out filter 03...Ip...Protocol=17
     Out filter 03...Ip...Src Port Cmp=Eql
     Out filter 03...Ip...Src Port #=139
     Out filter 03...Ip...Dst Port Cmp=Eql
     Out filter 03...Ip...Dst Port #=139
     Out filter 04...Valid=Yes
     Out filter 04...Type=IP
     Out filter 04...Generic...Forward=Yes
     Out filter 04...Ip...Forward=Yes
     END=FILT=200=0


At 10:56 PM 10/7/97 +0100, you wrote:
>I just read the FAQ Kevin Smith mentioned for the description of NetBEUI
>filters (http://www.ascend.com/faqs/750/786-faq.html) and it looks to me
>that a long, long thread is going to start again in this list...
>
>Basically it describes how to filter UDP traffic on ports 137-139. I've
>tried that in the past (having a NT 3.51 workstation behind a P50) with
>little success. As suggested on this list I even filtered TCP traffic on
>these ports with the same effect. Strange, before joining the Ascend
>list I always thought that Ethernet traffic in general and binary
>matches in particular were deterministic actions, i.e. when I do exactly
>what somebody else describes what I have to do to filter some sort of
>traffic it would just work. I am not sure anymore ;->
>
>Then I used the debug method to determine the packet that causes the
>dial-out (debug mode/wdd). It looked like:
>
>WD_DIALOUT_DISP: chunk 25B6DE type OLD-STYLE-PADDED.
>: 44 octets @ 2864A8
>
>00 C0 7B 5C DD A7      destination MAC
>00 00 C0 D3 9D AD      source MAC
>08 00                  type IP
>45 00 00 2C 8B 54      ???
>40 00 1F 06 13 B1      ???
>FF D9 61 12            149.xxx.97.18  <NT host>
>FF D9 30 02            149.xxx.48.2   <DNS name server>
>06 C8 00 6E 2E CC      ???
>4F 59 00 00            ???
>
>I couldn't decode it fully but from the addresses I guessed it was a
>WINS call to the name server, thus totally legal.
>In contrast to the FAQ I think that configuring WINS is not causing
>grief for NT users. WINS is comparable to DNS, it's a service you need
>on the LAN. If you filter it you'll miss it. Of course, the local NT
>machines should be listed in a local LMHOSTS file to reduce this kind of
>traffic.
>
>Still not happy with a call every 10 minutes I searched the MS
>website/Knowledge Base for the dialup issue. I found two texts dealing
>with NT browser lookups and Domain Controller lookups:
>
>Information on Browser Operation
>Article ID: Q102878
>Revision Date: 24-SEP-1996
>
>Browsing & Other Traffic Incur High Costs over ISDN Routers
>Article ID: Q134985
>Revision Date: 03-SEP-1996
>
>In essence my trouble started when I connected to a NT domain and became
>part of it. When I log off NT generates a list of all known domains the
>NT workstation is part of and this causes a dial-out. Solution: I don't
>log off anymore :-)
>
>And there are frequent browser updates and such associated with domain
>membership as outlined in the first MS article. In the second MS article
>I found registry keys which control the frequency of the updates. I
>changed them from 10 minutes to 1 day and I can live with it now.
>
>This "solution" does not impair NT browsing other than the browsing list
>sometimes is 1 day old whereas with filtering I would not get any
>browsing information. (Besides, filtering did never work for me, either
>because I am too dumb to copy Ascend's FAQ or I mix up In and Out...)
>
>Then somebody suggested using IP only. Of course you can transfer files
>with an ftp client, you could mount NFS drives using 3rd party software,
>you could even telnet into a NT box with additional software. But, alas,
>there is one thing I experienced that will only work with NetBEUI
>enabled. Sometimes the remote domain controller won't authenticate me.
>For whatever reasons (mumble, mumble, "Your set of permissions do not
>match the requested permissions..."), and sure next day it _will_ let me
>in.
>The workaround is to mount an NT drive in File Manager (via NetBEUI) -
>the only place where NT will ask you for a username and password if it
>thinks you are not authorized to come in the easy way. All other silent
>logins (via RPC) will not ask but refuse the request. The eventlog for
>example. So I keep NetBEUI alive, and sometimes it's only convenient to
>mount a drive in File Manager.
>
>Hope this makes the "NT filtering" thing a bit easier for all of us who
>are suffering from MS operating systems. One day MS will give up NetBEUI
>altogether in favor of IP and Ascend's users will be happy again.
>
>Sorry if this post got a bit longer.
>
>Cheers,
>   Wolfgang
>
>_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
>                         B  E  N  E  I  C  K  E
>                               IT Consulting
>________________________________________________________________________
>        Network Design - 3Com Solution Partner
>           ISDN Remote Access - ASCEND Sales
>              DIGITAL PC Systems and Servers
>                 ApplePoint
>                    Windows NT Networks
>                       Unix Workstation Peripherals
>
>Dr. Wolfgang Beneicke                            phone +49-6223-48126
>Fasanenstrasse 16, D-69251 Gaiberg                 fax +49-6223-5708
>...near world famous Heidelberg, Germany
>_-_-_-_-_s-c_h-n_i-p_p_-_-_-_-_-_-_-_-_-_--_-_-_-_-_-_-_-_z-a_c-k_-_-_-_
>++ Ascend Users Mailing List ++
>To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
>To get FAQ'd:	<http://www.nealis.net/ascend/faq>
>
>
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>
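
Added example (not part of either poster's message): a decoder for the 44 octets listed in the quoted wdd dump, with the result checked against out filters 01-04 of the "Windows Call" filter above. The rule evaluation order (first match wins, a rule without Forward=Yes is not forwarded) is an assumption about the filter semantics; the function names are made up for this example.

```python
import struct

# Octets exactly as listed in the quoted wdd dump (44 in total; the first
# two octets of each IP address appear as FF D9 in the post).
DUMP = """
00 C0 7B 5C DD A7  00 00 C0 D3 9D AD  08 00
45 00 00 2C 8B 54  40 00 1F 06 13 B1
FF D9 61 12  FF D9 30 02
06 C8 00 6E 2E CC  4F 59 00 00
"""

# Out filters 01-03 of the posted filter as (IP protocol, src port, dst port).
# Assumption: first match wins; a rule without Forward=Yes is not forwarded.
BLOCK_RULES = [(17, 137, 137), (17, 138, 138), (17, 139, 139)]

def decode(frame: bytes) -> dict:
    """Decode Ethernet II + IPv4 and the leading TCP/UDP port fields."""
    if len(frame) < 34:
        raise ValueError("too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto = struct.unpack_from(
        "!BBHHHBB", frame, 14)
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    l4 = 14 + (ver_ihl & 0x0F) * 4  # IHL counts 32-bit words
    pkt = {"proto": proto, "ttl": ttl, "ip_total_len": total_len,
           "sport": None, "dport": None}
    if proto in (6, 17) and len(frame) >= l4 + 4:  # TCP or UDP
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", frame, l4)
    return pkt

def filter_forwards(pkt: dict) -> bool:
    """Apply out filters 01-04 to a decoded packet."""
    key = (pkt["proto"], pkt["sport"], pkt["dport"])
    if key in BLOCK_RULES:
        return False  # matched filter 01, 02 or 03
    return True       # filter 04 forwards everything else

def analyse() -> tuple:
    pkt = decode(bytes.fromhex("".join(DUMP.split())))
    return pkt, filter_forwards(pkt)

if __name__ == "__main__":
    print(analyse())
```

The decoded fields are IP protocol 6 (TCP), source port 1736 and destination port 110, the IANA-assigned POP3 port, so none of the UDP 137-139 rules match this packet and filter 04 forwards it.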