Security Basics mailing list archives
Re: UDP Port 137 Question
From: JGrimshaw () ASAP com
Date: Wed, 21 Jan 2004 08:33:12 -0600
I am thinking that is the Netbios name resolution attempting to do just that. If you unclick the check boxes to use Netbios for name resolution on the servers that are doing this, the problem might stop. If your network is dependent on WINS, though, then you may have problems if everything internal isn't listed in a DNS server somewhere. Even though these were public addresses the servers attempted to resolve, who knows what internal lookups they are doing. "John Smithson" <why1234 () hotmail com> 01/20/2004 02:16 PM To security-basics () securityfocus com cc Subject UDP Port 137 Question Gurus, I have couple of servers that are constantly trying to go outbound on UDP Port 137 (Nbname). The event is occurring 4-5 times per second. All outbound traffic is being dropped by my firewall. However, I am just trying to find out what is the reason - I have AV on the server with latest definition - I have ran manual AV Scan - I have ran Welchia / Nimda / etc removal tool - I have ran Spyware removal tool - All of them comes up clean. The outbound address are for example: 156.67.52.182 to 156.67.52.204 --- 9.108.180.138-154 -- 145.46.77.202-241 - There are more of these network ranges ( I have already done whois on all these IP range) Oh yeah - the servers are Win2k with SP3 or Win2k with SP4 with latest HF. Please help me to isolate what I am facing? This should not be a normal Traffic Pattern, since only couple of my servers are producing this traffic TIA _________________________________________________________________ Let the new MSN Premium Internet Software make the most of your high-speed experience. http://join.msn.com/?pgmarket=en-us&page=byoa/prem&ST=1 --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- UDP Port 137 Question John Smithson (Jan 20)
- Re: UDP Port 137 Question JGrimshaw (Jan 21)
- Re: UDP Port 137 Question JGrimshaw (Jan 26)
- <Possible follow-ups>
- Re: UDP Port 137 Question H Carvey (Jan 21)
- Re: UDP Port 137 Question Jeff Friend (Jan 21)
- Re: UDP Port 137 Question H Carvey (Jan 22)
- RE: UDP Port 137 Question Mark A. Villanova (Jan 26)
- RE: UDP Port 137 Question P Cannon (Jan 27)
- RE: UDP Port 137 Question Sarbjit Singh Gill (Jan 28)
- Re: UDP Port 137 Question John LeMay (Jan 28)
- RE: UDP Port 137 Question P Cannon (Jan 27)
- RE: UDP Port 137 Question Darrell Porter (Jan 27)
- RE: UDP Port 137 Question JGrimshaw (Jan 27)
(Thread continues...)