Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Windows mystery udp/137 to udp/137

From: Buz Dale <buz.dale () USG EDU>
Date: Tue, 22 May 2007 09:27:47 -0400
I don't know about the 192.168 address but the 169.254 address looks a
lot like an autonet address for a Windows box that doesn't know who he
is.
Luck,
Buz

On 5/22/07, Clyde Hoadley <hoadleyc () mscd edu> wrote:

We have several Windows servers that regularly attempt to send udp packets
from port 137 to non existent IP address udp port 137.  These get
blocked by the firewall.  The Sys Admins haven't been able to figure
out why they do it.  Has anyone encountered this problem before?

Deny udp src inside:10.10.18.64/137 dst outside:169.254.221.242/137
Deny udp src inside:10.10.18.64/137 dst outside:169.254.221.242/137
Deny udp src inside:10.10.18.64/137 dst outside:192.168.81.1/137
Deny udp src inside:10.10.18.64/137 dst outside:192.168.81.1/137

--
Clyde Hoadley
Director of Information Security
Information Technology
Metropolitan State College of Denver
Campus Box 96, P.O. Box 173362, Denver Co 80217-3362
303-556-5074 | CELL 720-232-4737
www.mscd.edu





--
Buz Dale                                buz.dale () usg edu
IT Security Specialist              1-888-875-3697 (In GA)
1-706-583-2005
Office of Information and Instructional Technology
University System of Georgia
GMT -5:00
Previous By Date Next
Previous By Thread Next

Current thread: