named error messages in log file, how to fix?

zz at rockstone.com
Sun Jun 24 21:37:48 UTC 2001


> At 4:47 PM -0400 6/24/01, zz at rockstone.com wrote:
> 
> >  192.168.1.61 is a Win98 machine with only TCP/IP, Client for MS
> >  network and file sharing protocol/service installed.
> >  And I do NOT have Samba running on this RH7.1 linux, nor
> >  have port 137 to 139 open, I don't understand why the linux
> >  machine attempts to talk to the Win98 with Netbios protocol
> >  as indicated using port 137.
> >  Any suggestions what's likely the problem and how to
> >  fix it?  thank you.
> 
> 	All PCs try to talk to everything on ports 137-139.  However, if 
> the machine at the other end isn't speaking NetBIOS or NetBEUI, then 
> they most likely won't be able to respond in a manner that PCs will 
> understand.

Thanks for your reply, I had the PC using tcp ip as default 
protocol, and I think this is not Win98's problem, but 
bind configuration problem. This linux 7.1 box used to have  
RH7.0 on it which got hacked due to weakness with bind 8.x(?), 
later I had it upgraded to 7.1, but I am not sure if I have
cleaned up everything. It was very similar type of hacking
as described in the link below
http://www2.linuxjournal.com/articles/culture/0022.html 


> 	Simply firewall off all access to ports 137-139 on the Linux 
> server and toss all the crap packets coming from the PC to these 
> ports.
> 

I did have blocking in place blocking to 53 from outsiders
as shown in the /var/log/messages:
 
Jun 24 17:08:24 luna kernel: Packet log: input REJECT eth1 
PROTO=6 217.57.55.91:3662 luna:111 L=60 S=0x00 I=36326
F=0x4000 T=44 SYN (#116)
Jun 24 17:32:56 luna kernel: Packet log: input REJECT eth1 
PROTO=6 210.207.56.2:3029 luna:53 L=60 S=0x00 I=42695
F=0x4000 T=42 SYN (#113)
  
> 	With regards to things like this in the future, you really should 
> ask a Linux-specific mailing list or newsgroup -- your question has 
> absolutely nothing whatsoever to do with the DNS in general, or BIND 
> in particular.

Sorry if this is wrong place, if it's not DNS/bind issue, I won't ask
here. Thanks.
 
Btw, what should /etc/named.conf look like? I am trying to modify
it, and now I have it as is, am I correct with the ACL list?  
Should I get rid of the 'key' options? Thanks

act name {
        address_match_list
        ip_prefix = 192.168.1.0/24
};
options {
        directory "/var/named";
         query-source address * port 53;
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};
key "key" {
        algorithm hmac-md5;
        secret "rZBbPVPbJdZLzpBsTeqqWy0ITndNWqBMEPNpkUZOTHmPlawaAxIInAoGBQsw";
};




More information about the bind-users mailing list
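
An added example, not part of the original post: a small parser for the ipchains "Packet log" records quoted from /var/log/messages above, tallying blocked packets per destination port so probes against ports such as 111 and 53 stand out. The function and variable names are chosen here for illustration; the first two sample records are the ones in the post rejoined onto single lines, and the third is constructed.

```python
import re
from collections import Counter

# Field layout of an ipchains "Packet log" record (Linux 2.2/2.4 kernels):
# chain action iface PROTO=n src:port dst:port L=len S=tos I=id F=frag T=ttl [SYN] [(#rule)]
# For ICMP (PROTO=1) the two "port" positions carry the ICMP type and code.
LOG_RE = re.compile(
    r"kernel: Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

SAMPLE = [
    # Records from the post, rejoined onto one line each.
    "Jun 24 17:08:24 luna kernel: Packet log: input REJECT eth1 PROTO=6 "
    "217.57.55.91:3662 luna:111 L=60 S=0x00 I=36326 F=0x4000 T=44 SYN (#116)",
    "Jun 24 17:32:56 luna kernel: Packet log: input REJECT eth1 PROTO=6 "
    "210.207.56.2:3029 luna:53 L=60 S=0x00 I=42695 F=0x4000 T=42 SYN (#113)",
    # Constructed non-firewall line, to show that it is skipped.
    "Jun 24 17:33:01 luna syslogd 1.4-0: restart.",
]

def parse_line(line):
    """Return the record's fields as a dict, or None if it is not a packet log line."""
    m = LOG_RE.search(" ".join(line.split()))  # collapse wrapping and extra spaces
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["syn"] = rec["syn"] is not None
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    return rec

def blocked_by_port(lines):
    """Count REJECT/DENY records per (protocol, destination port)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] in ("REJECT", "DENY"):
            proto = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
            counts[(proto, rec["dport"])] += 1
    return counts

if __name__ == "__main__":
    for (proto, port), n in sorted(blocked_by_port(SAMPLE).items()):
        print(f"{proto}/{port}: {n} blocked")
```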