Re: [fw-wiz] RE: Help w/ Port 137 Traffic

From: Miha Vitorovic (mihaat_private)
Date: Mon Oct 14 2002 - 15:36:36 PDT


    >Not logging 137/udp is a good idea because it fills up the logs and does
    >not add any significant information to them.
    
    Hi all,
    
    Reading this thread, I notice something funny. Everyone says that logging 
    blocked UDP 137 adds no useful information, and I understand where this is 
    coming from. Windows boxes are so noisy when it comes to NetBIOS that it 
    is best to just ignore it, or you'd have to worry about every 
    misconfigured firewall out there.
    
    But on the other hand, this whole thread began with:
    "I noticed an unusual increase in the amount of packets coming for port 137" 
    or something to that effect. Seems like some useful information can still 
    come from logging it. In light of that, what do you think? Log less or 
    more?
    
    Regards,
    
    P.S: Admin, sorry about the last two messages, I was having problems with 
    the client :(
    ---
      Miha Vitorovic
      Inženir v tehničnem področju
      Customer Support Engineer
    
       NIL Data Communications,  Einspielerjeva 6,  1000 Ljubljana,  Slovenia
       Phone +386 1 4746 500      Fax +386 1 4746 501     http://www.NIL.si
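One way to keep the signal this thread started from (a rise in port 137 traffic) without logging every dropped packet is to keep per-hour counts and flag outliers. The following is an added example, not part of the original message; the log line format, the 3x-median threshold, the function names and the sample data are assumptions constructed for illustration.

```python
import re
from collections import Counter
from statistics import median

# Assumed (made-up) log format: "<ISO time> DROP <proto> <src> -> <dst>:<port>"
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2} DROP (\w+) (\S+) -> \S+:(\d+)$")

def hourly_counts(lines, proto="udp", port=137):
    """Count dropped packets to proto/port per hour and track distinct sources."""
    counts, sources = Counter(), {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, not counted
        hour, p, src, dport = m.groups()
        if p.lower() == proto and int(dport) == port:
            counts[hour] += 1
            sources.setdefault(hour, set()).add(src)
    return counts, sources

def spikes(counts, factor=3.0, min_history=3):
    """Return hours whose count exceeds factor x the median of all earlier hours.

    Hours with no drops at all do not appear in counts, so the baseline is
    built only from hours that saw at least one packet.
    """
    flagged, history = [], []
    for hour in sorted(counts):
        if len(history) >= min_history and counts[hour] > factor * median(history):
            flagged.append(hour)
        history.append(counts[hour])
    return flagged

def make_sample():
    """Constructed data: four quiet hours (5 drops each), then one hour with 40."""
    lines = []
    for h, n in [(10, 5), (11, 5), (12, 5), (13, 5), (14, 40)]:
        for i in range(n):
            lines.append(f"2002-10-14T{h:02d}:{i:02d}:00 DROP udp 192.0.2.{i + 1} -> 198.51.100.7:137")
    lines.append("2002-10-14T14:59:00 DROP tcp 192.0.2.9 -> 198.51.100.7:80")  # other traffic, ignored
    return lines

if __name__ == "__main__":
    counts, sources = hourly_counts(make_sample())
    for hour in spikes(counts):
        print(hour, counts[hour], "drops from", len(sources[hour]), "sources")
```

The per-hour source count helps separate one misconfigured neighbour (few sources) from a broad increase (many sources), which is the distinction a raw drop log buries in noise.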
    


