[fw-wiz] Help w/ Port 137 Traffic

• Previous message: Paul D. Robertson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• Next in thread: Paul D. Robertson: "Re: [fw-wiz] Help w/ Port 137 Traffic"
• Reply: Paul D. Robertson: "Re: [fw-wiz] Help w/ Port 137 Traffic"
• Reply: Frederick M Avolio: "Re: [fw-wiz] Help w/ Port 137 Traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have seen an increase in (unsolicited) traffic to port 137 at my
firewall. My default
firewall policy (using iptables) is to deny, so 137 traffic is not
getting through.  I have used Ethereal (a network sniffer) to see the
content of the UDP packets and the consistent theme is:

In the Flags section - broadcast packet is 1 (I assume this means yes)
In the Queries section
- Name is a bunch of 0's and Workstation/Redirector in parens
- Type is NBSTAT
- Class is inet

Can someone tell me what the source of these are?  I have done a reverse
DNS lookup on several source IPs and don't see any pattern.



--------------------------------------------------------
Mike McCandless
michaelat_private

_______________________________________________
firewall-wizards mailing list
firewall-wizardsat_private
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Next message: Paul D. Robertson: "Re: [fw-wiz] Help w/ Port 137 Traffic"
• Previous message: Paul D. Robertson: "Re: [fw-wiz] Variations of firewall ruleset bypass via FTP"
• Next in thread: Paul D. Robertson: "Re: [fw-wiz] Help w/ Port 137 Traffic"
• Reply: Paul D. Robertson: "Re: [fw-wiz] Help w/ Port 137 Traffic"
• Reply: Frederick M Avolio: "Re: [fw-wiz] Help w/ Port 137 Traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Oct 13 2002 - 04:37:02 PDT