Re: Strange netmasks.

Richard B. Johnson (root@analogic.com)
Thu, 24 Jul 1997 09:08:48 -0400 (EDT)


On Wed, 23 Jul 1997, B. James Phillippe wrote:

> On Wed, 23 Jul 1997, Richard B. Johnson wrote:
>
> > I have been routing a subnet through my PPP link, i.e., 204.178.47.0.
> > We "own" 204.178.40.0 -> 204.178.47.255. This has worked fine for about
> > a year.
> >
> > Now some MiCrO$oFt garbage, that I can't control, executes a variation of
> > SNMP which sends ARP packets to every possible machine on the LAN. This
> > happens at two-second intervals.
>
> Are you sure it's ARP? You'd only see ARP across a PPP link if you're
> proxying it (Proxy-ARP). However, you're right in that all the M$
> protocols are broadcast-based pollutants, so what you're seeing could be
> NetBIOS.

Yes. I use Alexy's transparent proxy-ARP so I have connectivity through
all the machines I am routing at home.

It's the ARP variant of SNMP (Simplified Network Management Protocol).
It is used to make a "Pretty" display of network activity on about 20
new NT Machines. They use this instead of a "Screen Saver". Very smart.
Twenty machines sending ARP requests to all possible nodes every two
minutes means that every machine gets hit with this garbage, on average,
every 6 seconds.

>
> You should be able to do this no problem. The man page for route(8)
> specifies the "reject" qualifier as follows:
>
> reject Modifier installs a blocking route, which will
> force a route lookup to fail. This is for example
> used to mask out networks before using the default
> route. This is NOT for firewalling.
>
> Or you could use ipfwadm to do something like:
>
> ipfwadm -I -a deny -P udp -S 204.178.40.0/21 -D 204.178.47.0/21 137:139
>
> You could block 139 TCP as well.

I will try this. My present "fix" was to route only machines, not the
whole network. This is a pain because it has to be done manually.

>
> > This MiCrO$oFt garbage is being executed by powerful "managers" who have
> > taken over the Network, so I can't control them. As a matter of fact, once
> > they find out that I have direct access to the Internet, I'm done (gone).
>
> I conducted an informal survey a while back about the amount of Micro$oft
> broadcast garbage traffic on the Internet that goes unaccounted for in a
> day. It's very high. There's a cloud of spurious traffic out there
> originating from misconfigured NT servers that the owners of those
> machines aren't even aware of.
>
> Hope this helps,
> -bp

Thanks.

Cheers,
DJ
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Richard B. Johnson
Analogic Corporation
Email : rjohnson@analogic.com, johnson@analogic.com
Penguin : Linux version 2.1.44 on an i586 machine (66.15 BogoMips).
Warning : It's hard to stay on the trailing edge of technology.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
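The two remedies quoted above (a `reject` route and an `ipfwadm` deny rule) both hinge on getting the netmask right, which is easy to get wrong for a block such as 204.178.40.0 -> 204.178.47.255. The following is an added example, not code from the thread or from either poster: it works out the CIDR prefix that exactly covers the owned range, shows what a "host/prefix" argument such as 204.178.47.0/21 really denotes once the mask is applied, checks whether a filter rule's source/destination pair is wider than the subnet it is meant to protect, and emits the corresponding `route` and `ipfwadm` command lines. The addresses are the ones given in the thread; the `ipfwadm` syntax is taken as quoted in the thread and the `route ... reject` syntax from net-tools route(8); the function names and the 137:139 port range applied to UDP are this example's own choices.

```python
import ipaddress

# Constructed from the addresses in the thread: the block the poster "owns"
# (204.178.40.0 -> 204.178.47.255) and the /24 routed over the PPP link.
OWNED_FIRST = "204.178.40.0"
OWNED_LAST = "204.178.47.255"
PPP_SUBNET = "204.178.47.0/24"


def range_to_cidrs(first, last):
    """Return the CIDR networks that exactly cover the range first..last."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]


def normalize(cidr):
    """Return the network a non-strict 'host/prefix' string really denotes
    after the mask is applied, e.g. 204.178.47.0/21 -> 204.178.40.0/21."""
    return str(ipaddress.IPv4Network(cidr, strict=False))


def check_filter_scope(src_cidr, dst_cidr, intended_dst):
    """Report whether the src/dst pair of a filter rule matches only the
    intended destination subnet or silently widens to a larger block."""
    src = ipaddress.IPv4Network(src_cidr, strict=False)
    dst = ipaddress.IPv4Network(dst_cidr, strict=False)
    want = ipaddress.IPv4Network(intended_dst, strict=False)
    return {
        "src_network": str(src),
        "dst_network": str(dst),
        "covers_intended": want.subnet_of(dst),
        # A shorter prefix on the destination than on the subnet we meant
        # to protect means the rule also hits addresses outside it.
        "wider_than_intended": dst.prefixlen < want.prefixlen,
        # If src and dst normalize to the same network the rule is really
        # "deny this block to itself", not "deny the LAN to the PPP subnet".
        "src_equals_dst": src == dst,
    }


def reject_route_command(cidr):
    """Blocking route in the form documented by net-tools route(8):
    'route add -net TARGET netmask MASK reject' (assumed form)."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return "route add -net %s netmask %s reject" % (
        net.network_address, net.netmask)


def ipfwadm_deny_rule(src_cidr, dst_cidr, ports="137:139"):
    """Input-chain deny rule in the form quoted in the thread, with both
    networks normalized so the printed prefixes mean what they say."""
    return "ipfwadm -I -a deny -P udp -S %s -D %s %s" % (
        normalize(src_cidr), normalize(dst_cidr), ports)


if __name__ == "__main__":
    print("owned block covers:", range_to_cidrs(OWNED_FIRST, OWNED_LAST))
    print("204.178.47.0/21 is really:", normalize("204.178.47.0/21"))
    # The pair as quoted in the thread: both sides are the same /21.
    print(check_filter_scope("204.178.40.0/21", "204.178.47.0/21", PPP_SUBNET))
    # The pair tightened to the /24 actually routed over the PPP link.
    print(check_filter_scope("204.178.40.0/21", PPP_SUBNET, PPP_SUBNET))
    print(reject_route_command(PPP_SUBNET))
    print(ipfwadm_deny_rule("204.178.40.0/21", PPP_SUBNET))
```

Running it shows that the owned range is exactly one /21, that a destination written as 204.178.47.0/21 normalizes to 204.178.40.0/21 (the same network as the source, so the rule would match the whole block rather than just the subnet behind the PPP link), and that narrowing the destination to the /24 removes that widening; the `route ... reject` line must still be tried on the running kernel, since whether a blocking route or a filter rule suppresses the broadcasts depends on whether the traffic is actually being forwarded or proxy-ARPed.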