Security Basics mailing list archives
RE: UDP Port 137 Question
From: "Mark A. Villanova" <mark () helixsecurity net>
Date: Thu, 22 Jan 2004 23:44:03 -0600
That's NBT, probably WINS lookups.. Win2k/2003 should be using DNS only if you ask me. Mark Villanova Mobile: 817.271.6096 mvillanova () stellarconnection com http://www.stellarconnection.com -----Original Message----- From: John Smithson [mailto:why1234 () hotmail com] Sent: Tuesday, January 20, 2004 2:16 PM To: security-basics () securityfocus com Subject: UDP Port 137 Question Gurus, I have couple of servers that are constantly trying to go outbound on UDP Port 137 (Nbname). The event is occurring 4-5 times per second. All outbound traffic is being dropped by my firewall. However, I am just trying to find out what is the reason - I have AV on the server with latest definition - I have ran manual AV Scan - I have ran Welchia / Nimda / etc removal tool - I have ran Spyware removal tool - All of them comes up clean. The outbound address are for example: 156.67.52.182 to 156.67.52.204 --- 9.108.180.138-154 -- 145.46.77.202-241 - There are more of these network ranges ( I have already done whois on all these IP range) Oh yeah - the servers are Win2k with SP3 or Win2k with SP4 with latest HF. Please help me to isolate what I am facing? This should not be a normal Traffic Pattern, since only couple of my servers are producing this traffic TIA _________________________________________________________________ Let the new MSN Premium Internet Software make the most of your high-speed experience. http://join.msn.com/?pgmarket=en-us&page=byoa/prem&ST=1 ------------------------------------------------------------------------ --- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- UDP Port 137 Question John Smithson (Jan 20)
- Re: UDP Port 137 Question JGrimshaw (Jan 21)
- Re: UDP Port 137 Question JGrimshaw (Jan 26)
- <Possible follow-ups>
- Re: UDP Port 137 Question H Carvey (Jan 21)
- Re: UDP Port 137 Question Jeff Friend (Jan 21)
- Re: UDP Port 137 Question H Carvey (Jan 22)
- RE: UDP Port 137 Question Mark A. Villanova (Jan 26)
- RE: UDP Port 137 Question P Cannon (Jan 27)
- RE: UDP Port 137 Question Sarbjit Singh Gill (Jan 28)
- Re: UDP Port 137 Question John LeMay (Jan 28)
- RE: UDP Port 137 Question P Cannon (Jan 27)
- RE: UDP Port 137 Question Darrell Porter (Jan 27)
- RE: UDP Port 137 Question JGrimshaw (Jan 27)
- RE: UDP Port 137 Question Darrell Porter (Jan 28)
- RE: UDP Port 137 Question Patrick A. Middleton (Jan 28)
- RE: UDP Port 137 Question John Smithson (Jan 28)
- RE: UDP Port 137 Question Depp, Dennis M. (Jan 28)