Firewall Wizards mailing list archives

Help w/ Port 137 Traffic

From: "Mike McCandless" <michael () prismbiz com>
Date: Sat, 12 Oct 2002 23:31:57 -0400

I have seen an increase in (unsolicited) traffic to port 137 at my
firewall. My default
firewall policy (using iptables) is to deny, so 137 traffic is not
getting through.  I have used Ethereal (a network sniffer) to see the
content of the UDP packets and the consistent theme is:

In the Flags section - broadcast packet is 1 (I assume this means yes)
In the Queries section
- Name is a bunch of 0's and Workstation/Redirector in parens
- Type is NBSTAT
- Class is inet

Can someone tell me what the source of these are?  I have done a reverse
DNS lookup on several source IPs and don't see any pattern.



--------------------------------------------------------
Mike McCandless
michael () prismbiz com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Help w/ Port 137 Traffic Mike McCandless (Oct 13)
- Re: Help w/ Port 137 Traffic Paul D. Robertson (Oct 13)
  - Re: Help w/ Port 137 Traffic Mikael Olsson (Oct 13)
    - Re: Help w/ Port 137 Traffic Paul D. Robertson (Oct 13)
    - Re: Help w/ Port 137 Traffic Mikael Olsson (Oct 13)
    - Re: Help w/ Port 137 Traffic Paul D. Robertson (Oct 13)
    - Re: Help w/ Port 137 Traffic Mikael Olsson (Oct 13)
    - Re: Help w/ Port 137 Traffic Vincent Haverlant (Oct 15)
- Re: Help w/ Port 137 Traffic Frederick M Avolio (Oct 13)
- <Possible follow-ups>
- RE: Help w/ Port 137 Traffic Mike McCandless (Oct 13)
  - RE: RE: Help w/ Port 137 Traffic Stefan Norberg (Oct 13)

(Thread continues...)