What is nbname and nbdatagram?

[roadrunner]

What is nbname and nbdatagram?
nbname and nbdatagram packets are sent out when a machine comes online to "announce its existance," figure out what the current "browse list" is (for things like Network Neighborhood), and who is the "master browser" (the "keeper" of the browse list). As such, large networks with lots of Windows-based machines tend to generate lots of these packets, and thus lots of "drops" in your firewall log.

Short of disabling all Microsoft Networking services on your PCs, the best way to drop these from the log is to create a rule at the top of your rulebase that reads:

any any nbt drop no log

Where "NBT" is a group that should be pre-created that contains nbname, nbdatagram, and nbsession. On 2.1 systems, this would be called NetBEUI. If you are running a version prior to 2.1, create services for UDP port 137, UDP port 138 and TCP port 139. These are the Microsoft Networking ports and services.


-- GuyR - 18 Jan 2004


FAQForm
FAQs.Class: ServicesFAQs
FAQs.OS:
FAQs.Version: