Security Incidents mailing list archives
Source 126.0.0.1 UDP/137
From: <jlepich () fidmail com>
Date: Fri, 9 May 2003 16:06:56 -0500
Can anyone tell me what is causing these entries to pop up in my firewall log? On our network we use a 10.x.x.x IP scheme. There is no host with the address of 126.0.0.1 on our network anywhere. I was able to capture this by sniffing the traffic from source 126.0.0.1. ............ CKAAAAAAAAAAAAAAAAA AAAAAAAAAAAAA..! I have learned that this is a legitimate NetBIOS query. Here is an excerpt from my firewall log. Deny udp src inside:126.0.0.1/137 dst outside:3.13.0.10/137 (General Electric, NJ USA) Deny udp src inside:126.0.0.1/137 dst outside:63.14.0.10/137 (UUNET, VA, USA ) Deny udp src inside:126.0.0.1/137 dst outside:210.11.0.10/137 (Asia Pacific Network Information Centre, AU) By sniffing the traffic I was able to find get the source MAC address. The MAC I got is that of our core router. I have not attempted to track the source beyond that router yet. -Jesse ___________________________________________________________ Fidelity Communications Webmail - http://webmail.fidnet.com ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
Current thread:
- Source 126.0.0.1 UDP/137 jlepich (May 13)
- Re: Source 126.0.0.1 UDP/137 D Sanchez (May 14)