docrice
join:2008-03-31
Fremont, CA
| reply to antdude
Re: Wireless question
There are several "name leaks" (if you want to call it that) which occurs with Windows-based systems. In the DHCP Request packet, the hostname of the system is sent as option 12 (in an Active Directory directory environment, this helps the DHCP server update DNS). If dynamic DNS is supported, the client may also try to register their hostname into the DNS server and these are observable via the DNS update queries from the client.
You also have the infamous "NetBIOS" services on UDP 137 and 138 (and optionally TCP 139 which is more or less replaced via TCP 445 these days). These are legacy NetBIOS service enumeration / discovery methods for NetBIOS name suffixes (which denote the service type, whether it's a Workstation service, a PDC, etc.) which generally aren't useful unless you're running an NT 4.0 domain (almost no one these days) or you need your internal network to announce itself in such a manner due to the lack of centralized service enumeration methods (such as DNS SRV records). The Browser service on UDP 138 is there to help populate your "network neighborhood" browse list as well as help in the selection of a Master Browser, etc. (in the NetBIOS sense). All the NetBIOS stuff can be disabled under your interface's IP properties under Advanced -> WINS. You'll need to do this for each individual interface.
SMB / CIFS connections are under the "File and Printer Sharing" option, but there really isn't a "leak" in this sense since having a network share doesn't mean the machine broadcasts its availability.
Windows also tends to give itself away when you have SSDP involved running over UDP 1900. You can look that up. In Vista, you also have Link Layer Topology Discovery and other IPv6 stuff which clutters the network, although it's nice to help draw a network route diagram at a basic level. |
