I have seen an increase in (unsolicited) traffic to port 137 at my firewall. My default firewall policy (using iptables) is to deny, so 137 traffic is not getting through. I have used Ethereal (a network sniffer) to see the content of the UDP packets and the consistent theme is: In the Flags section - broadcast packet is 1 (I assume this means yes) In the Queries section - Name is a bunch of 0's and Workstation/Redirector in parens - Type is NBSTAT - Class is inet Can someone tell me what the source of these are? I have done a reverse DNS lookup on several source IPs and don't see any pattern. -------------------------------------------------------- Mike McCandless michaelat_private _______________________________________________ firewall-wizards mailing list firewall-wizardsat_private http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
This archive was generated by hypermail 2b30 : Sun Oct 13 2002 - 04:37:02 PDT