7.4 Alternate Name Resolution

There are several ways to bypass the NBT Name Service. The simplest is the use of an LMHOSTS file, which provides NetBIOS name to IP address mappings. LMHOSTS is similar in concept to the /etc/ hosts file commonly used by Unix-y systems to provide TCP/IP name mappings.

Another Name Service bypass trick involves using DNS names or IP addresses instead of NetBIOS names to find remote services. This trick is generally used when connecting to an SMB server via the NBT Session Service. The obvious problem here is that the Session Service expects that the CALLED NAME in the SESSION MESSAGE be correct.

There are several work-arounds to the naming problem.

One may guess that the service name matches the first label of the DNS name. This often works, but it is not guaranteed .
Another option is to send a NODE STATUS REQUEST and look through the reply for a unique name with a suffix of 0x20 , which is likely to be the correct service name. (The SMB Server Service always uses the suffix 0x20 .)
The ugliest (and also the most common) solution is to place the NetBIOS name " *SMBSERVER " into the CALLED NAME field (encoded, of course). This special name was introduced with Windows NT 4.0, and is now supported by Samba and several commercial implementations . It is accepted for Session Service connections to the SMB Server Service, no matter what NetBIOS name is actually registered. Note that " *SMBSERVER " starts with an asterisk, which makes it an illegal NetBIOS name. The " *SMBSERVER " name is never registered, and name queries for this name should always fail.