Firewall Wizards mailing list archives
Re: RE: Help w/ Port 137 Traffic
From: "Miha Vitorovic" <miha () nil si>
Date: Tue, 15 Oct 2002 00:36:36 +0200
Not logging 137/udp is a good idea because it fills up the logs and does not add any significant information to them.
Hi all, Reading this thread, I notice something funny. Everyone says that logging blocked UDP 137 adds no useful information, and I understand where this is coming from. Windows boxes are so noisy when it comes to netbios, that it is best to just ignore it, or you'd have to worry about every misconfigured firewall out there. But on the other hand, this whole thread began with: "I noticed an unusual increase in the amount packets coming for port 137" or something to that effect. Seems like some useful information can still come from logging it. In light of that, what do you think? Log less or more? Regards, P.S: Admin, sorry about the last two messages, I was having problems with the client :( --- Miha Vitorovic Inženir v tehničnem področju Customer Support Engineer NIL Data Communications, Einspielerjeva 6, 1000 Ljubljana, Slovenia Phone +386 1 4746 500 Fax +386 1 4746 501 http://www.NIL.si _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: RE: Help w/ Port 137 Traffic, (continued)
- Re: RE: Help w/ Port 137 Traffic R. DuFresne (Oct 14)
- Re: RE: Help w/ Port 137 Traffic Luca Berra (Oct 14)
- RE: RE: Help w/ Port 137 Traffic Bill Royds (Oct 14)
- Re: RE: Help w/ Port 137 Traffic Mikael Olsson (Oct 14)
- Re: RE: Help w/ Port 137 Traffic Richard Sharpe (Oct 14)
- Re: RE: Help w/ Port 137 Traffic Mikael Olsson (Oct 14)
- Re: RE: Help w/ Port 137 Traffic Richard Sharpe (Oct 14)
- Re: RE: Help w/ Port 137 Traffic R. DuFresne (Oct 14)