[lug] XP floods linux network, ideas ?
chuck morrison
cmorrison at greeleynet.com
Tue May 3 15:02:44 MDT 2005
Ken,
Thanks for the ideas... see below.
On Tuesday 03 May 2005 01:19 pm, Ken MacFerrin wrote:
...
> > Chuck,
> > If these are Win 2K/XP machines and you have DNS setup for your network
> > you can disable NetBIOS over TCP/IP on the Windows machines. I would
> > think this should stop the NBNS floods.
I've tried that. Problem there is that it eliminates access to old workgroup
shares. Not a problem for me :) , but the windows users would complain, to
say the least.
> > Otherwise, you can designate one samba server as an WINS (NBNS) server.
> > In the primary samba server smb.conf just add:
> >
> > wins support = true
> >
> > In your _other_ Samba servers:
> > wins support = false
> > wins server = nbns.server.ip
> >
> > You can then configure your ISC dhcpd to inform the client pc's. In
> > dhcpd.conf:
> >
> > option netbios-name-servers nbns.server.ip;
> > option netbios-node-type 8;
> >
> > -Ken
We have done all that from the beginning. The main samba file server is also
doing wins, but is on a 192.168 network.
> PS - The reason for the packet spew is the order in which Windows does
> name resolution. IIRC:
>
> 1. NetBIOS name cache — queries the local NetBIOS name cache.
>
> 2. WINS server — If not resolved in step 1 then it tries using a WINS
> server.
Part of the issue is that if dhcp fails, the PC uses APIPA (like zeroconf)
gives itself a 169.254.x.x address for a while, until it gets a real dhcp
address. It's not that dhcp fails, but that when switching networks XP
doesn't ask the right questions right away. During that time it's spewing
netbios broadcasts from that address. Given that our network is a 192.168.x.x
range, there is no way a wins server can reply to the spewed broadcasts (at
least directly).
I'll look into providing an interface into 169.254.0.0 from the wins server.
> [Insert your problem here:]
> 3. Broadcasts within an IP subnet — If 1 & 2 fail the client tries a
> broadcast (a lot of broadcasts) to the other computers in the network.
Yes indeed ! I've counted roughly 5000 per second from one pc.
> 4. LMHOSTS file — If 3 fails and LMHOSTS lookup is enabled, it looks at
> the LMHOSTS file.
Which of course doesn't exist...
> 5. HOSTS file — If 4 fails the client then looks at the HOSTS file (same
> as linux /etc/hosts).
Which again, does not exist...
> 6. DNS server — If 'DNS for Windows Resolution' is enabled the client
> queries the DNS server.
Haven't checked that, but by this time the damage has been done...
More information about the LUG
mailing list