
Preventing Win95/NT DOD

NIR_025

This is how to prevent a Win95 or NT workstation from bringing up an ISDN connection through DOD.

Problem

A Windows95 or WindowsNT workstation attached to a Netopia Router may generate spurious packets that bring up an ISDN connection via Dial On Demand (DOD). Depending on the number of Windows95 or WindowsNT workstations on the local LAN, this can be a severe problem, as the telephone company and ISP typically charge every time a connection is established over ISDN.

This Technical Note describes different methods that could be used to prevent a Windows95 or WindowsNT workstation from bringing up an unnecessary ISDN connection through DOD.

Parameters:

Below is a list of hardware and firmware loads that this Technical Note is based upon:

Hardware              Firmware/Version    Installed Options
Any Netopia Router    3.1.3 or later      None

Network Configuration:

Background:

A Windows95 or WindowsNT workstation has the ability to use NetBIOS over a TCP or UDP transport within the IP protocol. NetBIOS is a software interface designed by IBM that provides a vendor-independent interface for the IBM PC and compatible systems to communicate with each other.

Although there is no real defined standard for NetBIOS over TCP or UDP, the accepted reference is the IBM document number 6322916, "Technical Reference PC Network". This is further expanded upon by RFC 1001 "Protocol Standard for a NetBIOS Service on a TCP/UDP Transport".

Within NetBIOS are two services, both of which use UDP as the transport within IP. The first is NetBIOS Name Service (NBDS), which uses UDP port 137; the second is NetBIOS Datagram Delivery Service (NBDD), which uses UDP port 138. The NetBIOS services that use these ports tend to be 'chatty', sending out packets that could bring up an ISDN connection via DOD. The services that use these UDP ports are further described in RFC 1002 (NBDS) and 1003 (NBDD).

Configuration:

There are three things that could be done to prevent Windows95 or WindowsNT workstations from bringing up an ISDN connection via DOD. The first would be to turn off DOD in the Connection Profile that the Windows95 or WindowsNT workstations are using to dial out. Unfortunately, this would not only stop the Windows95 and WindowsNT workstations from establishing a connection with DOD, but would prevent all other workstations on the local LAN from establishing a DOD connection as well.

The second would be to unbind the Microsoft Client from the TCP/IP protocol in the Network control panel of Windows95 or WindowsNT. The downside is that the Windows95 or WindowsNT workstation would lose the ability to share files with other Windows95 or WindowsNT workstations on the local network.

The third and most reasonable option would be to set up an output filter in the Netopia Router blocking source UDP ports 137 (NBDS) and 138 (NBDD). This filter set would then be associated with the active Connection Profile(s) that the Windows95 or WindowsNT workstations are using to dial out. The filtering rules would look like the following:

************************************************************************

+-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+
+----------------------------------------------------------------------+
| 1   0.0.0.0          0.0.0.0          UDP   =137     NC      Yes No  |
| 2   0.0.0.0          0.0.0.0          UDP   =138     NC      Yes No  |
+----------------------------------------------------------------------+

************************************************************************

With this filter set in place, any packets received by the Netopia Router destined for the WAN whose source UDP port matches (=) 137 or 138 will be discarded, and the ISDN connection will not come up. All other packets will be allowed through, and DOD will function normally. The downside to this scenario is that this filter set will cut off the ability to share files with other Windows95 or WindowsNT workstations over the ISDN connection, but not over the LAN.

If sharing files with other Windows95 or WindowsNT workstations over the ISDN connection is not necessary, this should effectively stop any Windows95 or WindowsNT workstations from bringing up an ISDN connection via DOD.
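The following is an added example, not Netopia code: a small Python model of the two-rule output filter, run over a constructed sample of WAN-bound packets to show which ones are discarded and which would still raise the ISDN link. The first-match evaluation and the forward-by-default behaviour follow this note's description ("All other packets will be allowed through"); the class and function names and the sample traffic are assumptions made for illustration.

```python
from dataclasses import dataclass

NC = None  # "NC" in the filter table: no compare on this port

@dataclass(frozen=True)
class Rule:
    proto: str
    src_port: object  # int matched with "=", or NC
    dst_port: object  # int matched with "=", or NC
    forward: bool     # the "Fwd" column

@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_port: int
    note: str

# The two rows of the filter table (both addresses are 0.0.0.0, i.e. any).
OUTPUT_FILTERS = [
    Rule("UDP", 137, NC, forward=False),
    Rule("UDP", 138, NC, forward=False),
]

def forwarded(pkt, rules=OUTPUT_FILTERS):
    """First matching rule decides; unmatched packets pass, as the note states."""
    for r in rules:
        if (r.proto == pkt.proto
                and r.src_port in (NC, pkt.src_port)
                and r.dst_port in (NC, pkt.dst_port)):
            return r.forward
    return True

def dial_triggers(packets):
    """Packets that survive the output filter and would bring up the link."""
    return [p for p in packets if forwarded(p)]

# Constructed sample of WAN-bound traffic from a Windows workstation.
SAMPLE = [
    Packet("UDP", 137, 137, "NetBIOS name query"),
    Packet("UDP", 138, 138, "NetBIOS datagram"),
    Packet("UDP", 1029, 137, "name query from an ephemeral source port"),
    Packet("TCP", 1030, 139, "NetBIOS session over TCP"),
    Packet("UDP", 1031, 53, "DNS lookup"),
    Packet("TCP", 1032, 80, "web request"),
]

if __name__ == "__main__":
    for p in SAMPLE:
        verdict = "forward (dials)" if forwarded(p) else "discard"
        print(p.proto, p.src_port, "->", p.dst_port, verdict, "-", p.note)
```

Because the rules compare only the source port of UDP packets, the last four sample packets pass the filter; if spurious connections continue after the filter is applied, the traffic that raised the link is the place to look for what else needs a rule.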

Summary:

There are several options that can be configured to prevent a Windows95 or WindowsNT workstation from unnecessarily bringing up an ISDN connection. These are turning off DOD, unbinding the Microsoft Client from the TCP/IP protocol, or creating a filter set blocking UDP ports 137 (NBDS) and 138 (NBDD). For more information on the NetBIOS protocol and its components, please refer to RFC 1001, 1002, and 1003.


© 2008 Netopia, Inc., a Motorola Company. All rights reserved.