What to do, A) you can disable on NT the SERVER service, this disables the netbios or at least it should. Next, block UDP and TCP ports 135-140, this should block it locally. Actually 137 though I do not log.. As for the simple reason A) it's blocked and B) I would have 3 million lines saying it's denied. most Windows boxes when someone does a nslookup on it will actually first check dns, then it tries wins, then it tries to connect to port 137 and get the NT machine name.. On 12 Jan 00, at 1:00, Firewalls-Digest wrote: > Date: Tue, 11 Jan 2000 20:33:58 -0800 (PST) > From: Merton Campbell Crockett <[EMAIL PROTECTED]> > Subject: re: need advice regarding port 137 > AM} HI All, > AM} I'm having trouble understanding some activity on one of our AM} > firewalls AM} AM} Starting today at 15:31 and going through till > 15:39 every couple of AM} seconds a host tried to send packets to UDP > port 137 from port 137. AM} AM} anyone ever seen this before. > > Yes, its a constant pain. This is a NetBIOS Name Service request from > a Windows?? system. > > AM} The box they are trying to connect to is a WinNT 4.0 sp6a running > AM} Microsoft Proxy Server 2.0 wins is disabled on all external > interfaces > > The source system has been able to detect that your system is a > WindowsNT Server. If the source system is not sending, specifically, > to your Proxy Server, you did not shut down all services. > > Early last year, we tried using the Microsoft Proxy Server at a > customer site. We had a lot of trouble due to errors in the > documentation and several KnowledgeBase articles getting the external > interface to stop disclosing that it was a WindowsNT Server. > > I don't recall what we had to do to make it "hold its tongue" as we > discovered that it couldn't really do what we wanted and was painfully > slow. We replaced WindowsNT with BSD/OS and used Squid as the proxy > server. Faster, more secure, and supported the entire user community > without resorting to diddling internal default routes. > > > Merton Campbell Crockett > +--------------------------------------------------------------------- > +-----+ > | Manager, Network Operations & Services | Chief Network/Security > Engineer | | General Dynamics Electronic Systems | Naval Surface > Warfare Center | | Intelligence Systems Organization | Port > Hueneme Division | | Thousand Oaks, CA | Port > Hueneme, CA | > +--------------------------------------------------------------------- > -----+ > > > - - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] > > ------------------------------ > > End of Firewalls-Digest V8 #766 > ******************************* > > To unsubscribe from Firewalls-Digest, send the following command > in the body of a message to "[EMAIL PROTECTED]": > > unsubscribe firewalls-digest > > If you want to subscribe or unsubscribe an address other than the > account the mail is coming from, such as a local redistribution list, > then append that address to the command; for example, to subscribe > "local-firewalls": > > subscribe firewalls-digest [EMAIL PROTECTED] > > A non-digest (direct mail) version of this list is also available; to > subscribe to that instead, replace all instances of "firewalls-digest" > in the commands above with "firewalls". > > Compressed back issues are available for anonymous FTP from > Lists.GNAC.NET, in pub/firewalls/digest/vNN.nMMM.Z (where "NN" > is the volume number, and "MMM" is the issue number). Jason Robertson Network Analyst [EMAIL PROTECTED] http://www.astroadvice.com - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
