Firewall Wizards mailing list archives
RE: UDP port 137
From: "Shivdasani, Meenoo" <Meenoo_Shivdasani () NAI com>
Date: Fri, 29 Jan 1999 07:02:43 -0800
My firewall has been alerting me to "possible port scans" on UPD for port 137. This seems to occur from a number of source addresses and domains on the internet, some resolve-able, some not. Does anyone know of a reason I should be concerned?
Ah, the joy of Windoze. At the most innocent level, hits to 137/UDP are just an annoyance. Windoze boxes spew NetBIOS related traffic all over the place. My personal solution is to dump them in the bit bucket so that I don't have to wade through reports of unserved ports in my logs. However, that solution does have a flaw -- no logging equates to no tracking. Hits to 139/TCP could be someone trying to nuke internal windoze machines. I can't remember offhand if there's an attack that you can do with 137/UDP. M
Current thread:
- UDP port 137 Burgess, John (EDS) (Jan 28)
- Re: UDP port 137 Eric Maiwald (Jan 29)
- <Possible follow-ups>
- Re: UDP port 137 Robert Graham (Jan 29)
- RE: UDP port 137 Shivdasani, Meenoo (Jan 29)