Firewall Wizards mailing list archives

RE: UDP port 137


From: "Shivdasani, Meenoo" <Meenoo_Shivdasani () NAI com>
Date: Fri, 29 Jan 1999 07:02:43 -0800


My firewall has been alerting me to "possible port scans" on UDP for
port 137.  This seems to occur from a number of source addresses and
domains on the internet, some resolvable, some not.  Does anyone know
of a reason I should be concerned?

Ah, the joy of Windoze.  At the most innocent level, hits to 137/UDP are
just an annoyance.  Windoze boxes spew NetBIOS-related traffic all over the
place.  My personal solution is to dump them in the bit bucket so that I
don't have to wade through reports of unserved ports in my logs.  However,
that solution does have a flaw -- no logging equates to no tracking. 

Hits to 139/TCP could be someone trying to nuke internal windoze machines.
I can't remember offhand if there's an attack that you can do with 137/UDP.


M
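
Added example, not part of the original post: one way to keep tracking without wading through every dropped packet is to log the drops and reduce them to a per-source summary of 137/UDP and 139/TCP hits. The log format, addresses and the review threshold are constructed assumptions, not taken from any particular firewall.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical "DROP proto src:port -> dst:port" format.
SAMPLE_LOG = """\
Jan 29 06:58:01 fw DROP udp 198.51.100.7:137 -> 192.0.2.10:137
Jan 29 06:58:02 fw DROP udp 198.51.100.7:137 -> 192.0.2.10:137
Jan 29 06:59:10 fw DROP udp 203.0.113.44:1029 -> 192.0.2.1:137
Jan 29 06:59:10 fw DROP udp 203.0.113.44:1029 -> 192.0.2.2:137
Jan 29 06:59:11 fw DROP udp 203.0.113.44:1029 -> 192.0.2.3:137
Jan 29 06:59:11 fw DROP udp 203.0.113.44:1029 -> 192.0.2.4:137
Jan 29 07:00:30 fw DROP tcp 198.51.100.9:4021 -> 192.0.2.10:139
Jan 29 07:01:00 fw DROP udp 198.51.100.7:53 -> 192.0.2.10:1050
"""

LINE_RE = re.compile(
    r"DROP (?P<proto>udp|tcp) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)
NETBIOS = {("udp", 137), ("tcp", 139)}  # the two services named in the post
SWEEP_THRESHOLD = 3  # assumption: distinct destinations before a source is flagged


def summarize(log_text, threshold=SWEEP_THRESHOLD):
    """Return {source: summary} for dropped 137/UDP and 139/TCP traffic only."""
    hits = defaultdict(lambda: {"count": 0, "dsts": set(), "services": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # line is not in the assumed format
        key = (m["proto"], int(m["dport"]))
        if key not in NETBIOS:
            continue  # some other dropped service; out of scope here
        entry = hits[m["src"]]
        entry["count"] += 1
        entry["dsts"].add(m["dst"])
        entry["services"].add(f"{key[1]}/{key[0]}")
    return {
        src: {
            "count": e["count"],
            "distinct_dsts": len(e["dsts"]),
            "services": sorted(e["services"]),
            # Flag sources that touched many different internal addresses.
            "review": len(e["dsts"]) >= threshold,
        }
        for src, e in hits.items()
    }


if __name__ == "__main__":
    for src, s in sorted(summarize(SAMPLE_LOG).items()):
        print(src, s)
```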


