"Jason" <Jason@discussions.microsoft.com> wrote in message
news:66F9A172-D658-4713-BEF1-EEBBCE0AAFF5@microsoft.com...
> Yep - 137. Actually I misread the isa logs - its not inbound - its
outbound
> - which is just as odd - guess I should post in the isa forums - cant see
why
> it would need netbios name resolution for an internet protocol resolved
using
> dns. NetBios over IP is disabled at the server and client.
>
> Anyways - thanks for the help!
> J
>
> "Bernard" wrote:
>
> > Weird. port 137 ?
> > this is relate netbios over tcpip.
> > are you using FQDN name or netbios name ?
> >
> > I can't think of anything if you are using FQDN. e.g. ftp.aa.com
> > anyway, have you try disable netbios over tcpip ?
> >
> > --
> > Regards,
> > Bernard Cheah
> > http://www.tryiis.com/
> > http://support.microsoft.com/
> > http://www.msmvps.com/bernard/
> >
> >
> >
> > "Jason" <Jason@discussions.microsoft.com> wrote in message
> > news:36D64B9A-5603-48BF-ADBC-FACF8300C74B@microsoft.com...
> > >
> > > We have a 2003 server that is colocated (offsite) that we manage.
This
> > box
> > > hosts our Web server, FTP server, and one of our external DNS servers.
> > We
> > > are behind an ISA 2000 box. All of a sudden we started noticing a 10
> > second
> > > delay when issuing a "ftp domain.com" to transfer some files to the
> > server.
> > > This 10 second delay (give or take a few) is not there for other FTP
> > sites -
> > > mainly another colocated box thats running Windows 2000. After
looking
> > into
> > > the problem a lot more, my ISA logs show requests coming from the 2003
> > server
> > > into the ISA box for port 137. It seems that for whatever reason -
when
> > we
> > > connect to the ftp service - it attempts a Netbios request back to the
> > > originating IP, ISA blocks this, and the 2003 box times out those
requests
> > > then proceeds with the FTP service. If attempted outside the ISA box,
the
> > > delay is not there. Web traffic doesnt have the delay.
> > >
> > > Any thoughts?
> > >
> > > Thanks for the help,
> > > Jason
> >
> >
> >

"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:ulgSqrc1EHA.2316@TK2MSFTNGP15.phx.gbl...
> Ok, do update us when you found out why :)
>
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Jason" <Jason@discussions.microsoft.com> wrote in message
> news:66F9A172-D658-4713-BEF1-EEBBCE0AAFF5@microsoft.com...
> > Yep - 137. Actually I misread the isa logs - its not inbound - its
> outbound
> > - which is just as odd - guess I should post in the isa forums - cant
see
> why
> > it would need netbios name resolution for an internet protocol resolved
> using
> > dns. NetBios over IP is disabled at the server and client.
> >
> > Anyways - thanks for the help!
> > J
> >
> > "Bernard" wrote:
> >
> > > Weird. port 137 ?
> > > this is relate netbios over tcpip.
> > > are you using FQDN name or netbios name ?
> > >
> > > I can't think of anything if you are using FQDN. e.g. ftp.aa.com
> > > anyway, have you try disable netbios over tcpip ?
> > >
> > > --
> > > Regards,
> > > Bernard Cheah
> > > http://www.tryiis.com/
> > > http://support.microsoft.com/
> > > http://www.msmvps.com/bernard/
> > >
> > >
> > >
> > > "Jason" <Jason@discussions.microsoft.com> wrote in message
> > > news:36D64B9A-5603-48BF-ADBC-FACF8300C74B@microsoft.com...
> > > >
> > > > We have a 2003 server that is colocated (offsite) that we manage.
> This
> > > box
> > > > hosts our Web server, FTP server, and one of our external DNS
servers.
> > > We
> > > > are behind an ISA 2000 box. All of a sudden we started noticing a
10
> > > second
> > > > delay when issuing a "ftp domain.com" to transfer some files to the
> > > server.
> > > > This 10 second delay (give or take a few) is not there for other FTP
> > > sites -
> > > > mainly another colocated box thats running Windows 2000. After
> looking
> > > into
> > > > the problem a lot more, my ISA logs show requests coming from the
2003
> > > server
> > > > into the ISA box for port 137. It seems that for whatever reason -
> when
> > > we
> > > > connect to the ftp service - it attempts a Netbios request back to
the
> > > > originating IP, ISA blocks this, and the 2003 box times out those
> requests
> > > > then proceeds with the FTP service. If attempted outside the ISA
box,
> the
> > > > delay is not there. Web traffic doesnt have the delay.
> > > >
> > > > Any thoughts?
> > > >
> > > > Thanks for the help,
> > > > Jason
> > >
> > >
> > >
>
>

"Timothy J. Bruce" <uniblab@hotmail.com> wrote in message
news:G76sd.438$925.59482@news1.epix.net...
> et al:
>
> NT simply attempts to use NetBIOS for name resolution. You can test this
> yourself with something simple like comparing tracert with both the -D
> switch present and absent.
>
> If you would like to completely remove this form of name discovery,
install
> RRAS and apply an output filter to the interface to block outbound 137.
> This will do the trick regardless of any other setting.
>
> #PORT NUMBERS
> #(last updated 18 November 2004)
> <snip>
> netbios-ns 137/tcp NETBIOS Name Service
> netbios-ns 137/udp NETBIOS Name Service
> </snip>
>
> Or you could install a decent firewall,
> Timothy J. Bruce
> uniblab@hotmail.com
> </RANT>
>
>
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:ulgSqrc1EHA.2316@TK2MSFTNGP15.phx.gbl...
> > Ok, do update us when you found out why :)
> >
> >
> > --
> > Regards,
> > Bernard Cheah
> > http://www.tryiis.com/
> > http://support.microsoft.com/
> > http://www.msmvps.com/bernard/
> >
> >
> >
> > "Jason" <Jason@discussions.microsoft.com> wrote in message
> > news:66F9A172-D658-4713-BEF1-EEBBCE0AAFF5@microsoft.com...
> > > Yep - 137. Actually I misread the isa logs - its not inbound - its
> > outbound
> > > - which is just as odd - guess I should post in the isa forums - cant
> see
> > why
> > > it would need netbios name resolution for an internet protocol
resolved
> > using
> > > dns. NetBios over IP is disabled at the server and client.
> > >
> > > Anyways - thanks for the help!
> > > J
> > >
> > > "Bernard" wrote:
> > >
> > > > Weird. port 137 ?
> > > > this is relate netbios over tcpip.
> > > > are you using FQDN name or netbios name ?
> > > >
> > > > I can't think of anything if you are using FQDN. e.g. ftp.aa.com
> > > > anyway, have you try disable netbios over tcpip ?
> > > >
> > > > --
> > > > Regards,
> > > > Bernard Cheah
> > > > http://www.tryiis.com/
> > > > http://support.microsoft.com/
> > > > http://www.msmvps.com/bernard/
> > > >
> > > >
> > > >
> > > > "Jason" <Jason@discussions.microsoft.com> wrote in message
> > > > news:36D64B9A-5603-48BF-ADBC-FACF8300C74B@microsoft.com...
> > > > >
> > > > > We have a 2003 server that is colocated (offsite) that we manage.
> > This
> > > > box
> > > > > hosts our Web server, FTP server, and one of our external DNS
> servers.
> > > > We
> > > > > are behind an ISA 2000 box. All of a sudden we started noticing a
> 10
> > > > second
> > > > > delay when issuing a "ftp domain.com" to transfer some files to
the
> > > > server.
> > > > > This 10 second delay (give or take a few) is not there for other
FTP
> > > > sites -
> > > > > mainly another colocated box thats running Windows 2000. After
> > looking
> > > > into
> > > > > the problem a lot more, my ISA logs show requests coming from the
> 2003
> > > > server
> > > > > into the ISA box for port 137. It seems that for whatever
reason -
> > when
> > > > we
> > > > > connect to the ftp service - it attempts a Netbios request back to
> the
> > > > > originating IP, ISA blocks this, and the 2003 box times out those
> > requests
> > > > > then proceeds with the FTP service. If attempted outside the ISA
> box,
> > the
> > > > > delay is not there. Web traffic doesnt have the delay.
> > > > >
> > > > > Any thoughts?
> > > > >
> > > > > Thanks for the help,
> > > > > Jason
> > > >
> > > >
> > > >
> >
> >
>
>

"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:utuIMv02EHA.2012@TK2MSFTNGP15.phx.gbl...
> I understand this, if it involved netbios resolution. however, when it's
> pure host name resolution, my understanding is that there will be no
netbios
> resolution except when netbios over tcpip is enabled.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Timothy J. Bruce" <uniblab@hotmail.com> wrote in message
> news:G76sd.438$925.59482@news1.epix.net...
> > et al:
> >
> > NT simply attempts to use NetBIOS for name resolution. You can test
this
> > yourself with something simple like comparing tracert with both the -D
> > switch present and absent.
> >
> > If you would like to completely remove this form of name discovery,
> install
> > RRAS and apply an output filter to the interface to block outbound 137.
> > This will do the trick regardless of any other setting.
> >
> > #PORT NUMBERS
> > #(last updated 18 November 2004)
> > <snip>
> > netbios-ns 137/tcp NETBIOS Name Service
> > netbios-ns 137/udp NETBIOS Name Service
> > </snip>
> >
> > Or you could install a decent firewall,
> > Timothy J. Bruce
> > uniblab@hotmail.com
> > </RANT>
> >
> >
> > "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> > news:ulgSqrc1EHA.2316@TK2MSFTNGP15.phx.gbl...
> > > Ok, do update us when you found out why :)
> > >
> > >
> > > --
> > > Regards,
> > > Bernard Cheah
> > > http://www.tryiis.com/
> > > http://support.microsoft.com/
> > > http://www.msmvps.com/bernard/
> > >
> > >
> > >
> > > "Jason" <Jason@discussions.microsoft.com> wrote in message
> > > news:66F9A172-D658-4713-BEF1-EEBBCE0AAFF5@microsoft.com...
> > > > Yep - 137. Actually I misread the isa logs - its not inbound - its
> > > outbound
> > > > - which is just as odd - guess I should post in the isa forums -
cant
> > see
> > > why
> > > > it would need netbios name resolution for an internet protocol
> resolved
> > > using
> > > > dns. NetBios over IP is disabled at the server and client.
> > > >
> > > > Anyways - thanks for the help!
> > > > J
> > > >
> > > > "Bernard" wrote:
> > > >
> > > > > Weird. port 137 ?
> > > > > this is relate netbios over tcpip.
> > > > > are you using FQDN name or netbios name ?
> > > > >
> > > > > I can't think of anything if you are using FQDN. e.g. ftp.aa.com
> > > > > anyway, have you try disable netbios over tcpip ?
> > > > >
> > > > > --
> > > > > Regards,
> > > > > Bernard Cheah
> > > > > http://www.tryiis.com/
> > > > > http://support.microsoft.com/
> > > > > http://www.msmvps.com/bernard/
> > > > >
> > > > >
> > > > >
> > > > > "Jason" <Jason@discussions.microsoft.com> wrote in message
> > > > > news:36D64B9A-5603-48BF-ADBC-FACF8300C74B@microsoft.com...
> > > > > >
> > > > > > We have a 2003 server that is colocated (offsite) that we
manage.
> > > This
> > > > > box
> > > > > > hosts our Web server, FTP server, and one of our external DNS
> > servers.
> > > > > We
> > > > > > are behind an ISA 2000 box. All of a sudden we started noticing
a
> > 10
> > > > > second
> > > > > > delay when issuing a "ftp domain.com" to transfer some files to
> the
> > > > > server.
> > > > > > This 10 second delay (give or take a few) is not there for other
> FTP
> > > > > sites -
> > > > > > mainly another colocated box thats running Windows 2000. After
> > > looking
> > > > > into
> > > > > > the problem a lot more, my ISA logs show requests coming from
the
> > 2003
> > > > > server
> > > > > > into the ISA box for port 137. It seems that for whatever
> reason -
> > > when
> > > > > we
> > > > > > connect to the ftp service - it attempts a Netbios request back
to
> > the
> > > > > > originating IP, ISA blocks this, and the 2003 box times out
those
> > > requests
> > > > > > then proceeds with the FTP service. If attempted outside the
ISA
> > box,
> > > the
> > > > > > delay is not there. Web traffic doesnt have the delay.
> > > > > >
> > > > > > Any thoughts?
> > > > > >
> > > > > > Thanks for the help,
> > > > > > Jason
> > > > >
> > > > >
> > > > >
> > >
> > >
> >
> >
>
>

"Timothy J. Bruce" <uniblab@hotmail.com> wrote in message
news:ykKtd.756$925.84131@news1.epix.net...
> Bernard et al:
>
> Disabling/Enabling NetBIOS on an Interface merely enables/disables that
> Interface's ability to be considered a NetBIOS host/group; it does *NOT*
> disable NetBIOS traffic, e.g.: if one were to disable NetBIOS on an
> interface (via that interface's property page) - even if that interface is
> the only interface on that host! - a tracert against a dotted-quad (w/o
> the -D option) will invoke NetBIOS Name Resolution in addition to other
> forms of name resolution, as name resolution is a function of the
> networking
> subsystem rather than a property of any particular interface. This is
> exactly the same as any other form of name resolution. If you wanted to
> disable a particular interface from engaging in DNS queries, would you
> twiddle with the name-server entries in that interface's property pages,
> or
> would you block that interface's out-going port 42 traffic?
>
> Or you could use AppleTalk and never worry about understanding IP networks
> again,
> </RANT>
>
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:utuIMv02EHA.2012@TK2MSFTNGP15.phx.gbl...
>> I understand this, if it involved netbios resolution. however, when it's
>> pure host name resolution, my understanding is that there will be no
> netbios
>> resolution except when netbios over tcpip is enabled.
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://www.tryiis.com/
>> http://support.microsoft.com/
>> http://www.msmvps.com/bernard/
>>
>>
>>
>> "Timothy J. Bruce" <uniblab@hotmail.com> wrote in message
>> news:G76sd.438$925.59482@news1.epix.net...
>> > et al:
>> >
>> > NT simply attempts to use NetBIOS for name resolution. You can test
> this
>> > yourself with something simple like comparing tracert with both the -D
>> > switch present and absent.
>> >
>> > If you would like to completely remove this form of name discovery,
>> install
>> > RRAS and apply an output filter to the interface to block outbound 137.
>> > This will do the trick regardless of any other setting.
>> >
>> > #PORT NUMBERS
>> > #(last updated 18 November 2004)
>> > <snip>
>> > netbios-ns 137/tcp NETBIOS Name Service
>> > netbios-ns 137/udp NETBIOS Name Service
>> > </snip>
>> >
>> > Or you could install a decent firewall,
>> > Timothy J. Bruce
>> > uniblab@hotmail.com
>> > </RANT>
>> >
>> >
>> > "Bernard" <qbernard@hotmail.com.discuss> wrote in message
>> > news:ulgSqrc1EHA.2316@TK2MSFTNGP15.phx.gbl...
>> > > Ok, do update us when you found out why :)
>> > >
>> > >
>> > > --
>> > > Regards,
>> > > Bernard Cheah
>> > > http://www.tryiis.com/
>> > > http://support.microsoft.com/
>> > > http://www.msmvps.com/bernard/
>> > >
>> > >
>> > >
>> > > "Jason" <Jason@discussions.microsoft.com> wrote in message
>> > > news:66F9A172-D658-4713-BEF1-EEBBCE0AAFF5@microsoft.com...
>> > > > Yep - 137. Actually I misread the isa logs - its not inbound - its
>> > > outbound
>> > > > - which is just as odd - guess I should post in the isa forums -
> cant
>> > see
>> > > why
>> > > > it would need netbios name resolution for an internet protocol
>> resolved
>> > > using
>> > > > dns. NetBios over IP is disabled at the server and client.
>> > > >
>> > > > Anyways - thanks for the help!
>> > > > J
>> > > >
>> > > > "Bernard" wrote:
>> > > >
>> > > > > Weird. port 137 ?
>> > > > > this is relate netbios over tcpip.
>> > > > > are you using FQDN name or netbios name ?
>> > > > >
>> > > > > I can't think of anything if you are using FQDN. e.g. ftp.aa.com
>> > > > > anyway, have you try disable netbios over tcpip ?
>> > > > >
>> > > > > --
>> > > > > Regards,
>> > > > > Bernard Cheah
>> > > > > http://www.tryiis.com/
>> > > > > http://support.microsoft.com/
>> > > > > http://www.msmvps.com/bernard/
>> > > > >
>> > > > >
>> > > > >
>> > > > > "Jason" <Jason@discussions.microsoft.com> wrote in message
>> > > > > news:36D64B9A-5603-48BF-ADBC-FACF8300C74B@microsoft.com...
>> > > > > >
>> > > > > > We have a 2003 server that is colocated (offsite) that we
> manage.
>> > > This
>> > > > > box
>> > > > > > hosts our Web server, FTP server, and one of our external DNS
>> > servers.
>> > > > > We
>> > > > > > are behind an ISA 2000 box. All of a sudden we started
>> > > > > > noticing
> a
>> > 10
>> > > > > second
>> > > > > > delay when issuing a "ftp domain.com" to transfer some files to
>> the
>> > > > > server.
>> > > > > > This 10 second delay (give or take a few) is not there for
>> > > > > > other
>> FTP
>> > > > > sites -
>> > > > > > mainly another colocated box thats running Windows 2000. After
>> > > looking
>> > > > > into
>> > > > > > the problem a lot more, my ISA logs show requests coming from
> the
>> > 2003
>> > > > > server
>> > > > > > into the ISA box for port 137. It seems that for whatever
>> reason -
>> > > when
>> > > > > we
>> > > > > > connect to the ftp service - it attempts a Netbios request back
> to
>> > the
>> > > > > > originating IP, ISA blocks this, and the 2003 box times out
> those
>> > > requests
>> > > > > > then proceeds with the FTP service. If attempted outside the
> ISA
>> > box,
>> > > the
>> > > > > > delay is not there. Web traffic doesnt have the delay.
>> > > > > >
>> > > > > > Any thoughts?
>> > > > > >
>> > > > > > Thanks for the help,
>> > > > > > Jason
>> > > > >
>> > > > >
>> > > > >
>> > >
>> > >
>> >
>> >
>>
>>
>
>