Knowledgebase
Online Technical Support
Software Upgrades: Please check our latest Download section.
Search Tip: You can increase the accuracy of your searches by using as many keywords as possible. Remove any common words such as "a", "or", "the" as they will be used in the search. Do not use any operands such as +, or quotation marks to enclose phrases.
|
Issue:
P Series router: How to prevent NETBIOS request packets from getting through to the WAN from the LAN.
Solution: To determine which computer is sending Netbios request packets on the LAN, you need to take a look at the Activation log in the router. Select the following router menu options: Network Events / Show Activation Log
This is an example of a screen shot from an Activation Log.
#2 2002-12-08 17:01:43 Dst 1.8.111.111 Src 10.1.199.166
#3 2002-12-08 17:01:43 Length = 48 - 45 00 00 30 1f 01 40 00 7f 06 91
+ 0a 01 c7 a6 0a 08 6f 6f 04 09 00 8b 00 72 38 05 00
+ 01 01 00 00 01 00 00 00 00 00 00 09 70 6c 61 74 72
+ 00 00 00 70 02 20 00 da f5 00 00 02 04 05 b4 01 01
+ 04 02
The octet locations for Ethernet Frames can be found in the PSeries Router Installation & Applications Guide.
We want the source address and the Destination Port starting octet locations from the activation log. The starting ethernet octet location for the source address is 12. The source address takes up octets 12 - 15. According to the activation log example, the source address is 0a 01c7a6. The source address is in hexadecimal and equates to IP address 10.1.199.166 in decimal notation which will be the IP address of the computer we are going to block.
The starting octet location for the Destination Port is 22. The Destination port takes up octets 22 and 23. The Destination port in this case is 008b in hexadecimal which equates to 139 in decimal. 139 happen to be the standard service port number for NetBios requests.
Based on the above information we can create a pattern filter in the following format:
12-0a01c7a6&22-008b
Now that we have our pattern filter, enter it into the router as follows. From the Main menu of the PSeries router, select the following menu options.
Configuration / Packet Service Set-up / Filter set-up / IP Router Pattern filters / Add Pattern
(For the following prompts, enter what you see in bold)
Enter :
global, lan, Remote site id or alias
>
global
Enter:
pattern filter (up to 80 characters)
>
12-0a01c7a6&22-008b
Enter :
pattern ID number (from 1 to 64)
> 1 (assuming this is the first pattern filter configured in router)
Done. Lastly, select the "Show pattern" option and verify that your pattern filter exists and is correctly entered,