If you are talking about INBOUND traffic on 137, I am currently being hammered with port 137 (nbname) connection attempts from all over the internet, although I assume most of these are spoofed addresses.

About a week ago I started receiving a steady stream of this nbname traffic, wondering if anyone else is seeing this.

It is normal to see a ton of NetBIOS traffic trying to leak out of your Windows network.
Just put in a rule for "SilentServices", include nbt, nbname etc. and turn the logging off to prevent your logs from being spammed.
For your router access list, I guess you will have to prevent it from being syslogged with the other drops.

----- Original Message ----- 
From: "Dave Vogler" <[EMAIL PROTECTED]>
To: "firewall discussion list" <[EMAIL PROTECTED]>
Sent: Wednesday, May 02, 2001 1:49 PM
Subject: lots of port 137 in deny log


> Hi all,
> 
> With all of your help, I've managed to implement a basic internet
> firewall on my Cisco router via ACL.  I'm logging my denied packets, and
> I notice the most frequently denied packet is udp on port 137.  I
> thought 137 was part of netbios- why are there so many of these?  They
> appear to have been bound for Macs as well as NTs inside the LAN.  About
> 4-5 an hour for a LAN of 25 computers.
> 
> Thanks,
> 
> Dave
> 
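
The router-side suggestion in the reply above, sketched as an added example that is not part of the original thread: deny entries without the `log` keyword for the NetBIOS ports, placed just ahead of the logged catch-all. The ACL number 101, the interface name Serial0 and the assumption that the existing list ends in a logged `deny ip any any` are all hypothetical.

```cisco
! Constructed example. ACL 101 and interface Serial0 are assumed names,
! not taken from the thread.
!
! Before (assumed): the list ends in one logged catch-all, so every
! NetBIOS packet that reaches it produces a syslog line.
!   access-list 101 deny ip any any log
!
! After: rebuild the list so NetBIOS is dropped silently first.
! Entries are evaluated top-down and the first match wins, so the
! silent denies must sit above the logged catch-all. Keeping them
! below the existing permit entries leaves the permit policy unchanged.
no access-list 101
! ... existing permit entries re-entered here, unchanged ...
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-dgm
access-list 101 deny tcp any any eq 139
access-list 101 deny ip any any log
!
interface Serial0
 ip access-group 101 in
```

The silent entries still increment their match counters, so `show access-lists 101` continues to show how much port 137 traffic is being dropped even though nothing reaches syslog.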
