RE: 137 and Packet Filter

Tue, 29 Feb 2000 19:37:18 -0800 

Can someone recommend a resource where I might be able to find answer to my
previous post?  Possibly a security mailing list or FAQ? Thanks


Jeff...

Jeffrey G. Gilbert
Technology Program Manager
San Joaquin Housing Authority
Voice: (209) 460-5015
FAX: (209) 460-5115


        -----Original Message-----
        From:   Jeffrey Gilbert [SMTP:[EMAIL PROTECTED]]
        Sent:   Tuesday, February 29, 2000 10:45 AM
        To:     [EMAIL PROTECTED]
        Subject:        137 and Packet Filter

        Hello, I am hoping someone can explain for me the following
(sanitized)
        packet filter log entries I am getting:

        2000-02-29 05:53:35.000 10.1.1.146 192.168.0.1 137 137 Udp - 0
207.212.x.x 
        2000-02-29 05:53:35.000 207.212.x.x 192.168.0.1 137 137 Udp - 0
207.212.x.x 
        2000-02-29 05:53:35.000 10.1.1.20 192.168.0.1 137 137 Udp - 0
207.212.x.x 
        2000-02-29 05:53:37.000 10.1.1.20 192.168.0.1 137 137 Udp - 0
207.212.x.x 
        2000-02-29 05:53:37.000 207.212.x.x 192.168.0.1 137 137 Udp - 0
207.212.x.x 
        2000-02-29 05:53:37.000 10.1.1.146 192.168.0.1 137 137 Udp - 0
207.212.x.x 

        This was generated from my MS Proxy Packet Filter log.  The
10.1.1.20 IP is
        my Proxys inside (Private) address, the 10.1.1.146 is one of 10 DHCP
Pool
        addresses reserved by my MS-RAS/VPN setup on the proxy.  All of the
packets
        were dropped.

        What I see from this log is that I am originating NetBios Name
packets to
        this address from 3 of the addresses on my Proxy.  1 public address,
my
        private address, and a VPN address.  I have all NetBios / WINS
services
        unbound from the outside interface. I don't know of any internal
reason for
        these packets; nothing on my external interface should be
advertising over
        137 (should it?) - especially not to a specific address.  I have
tried to
        track down the destination address to no avail.  I am getting these
types of
        log entries directed to many different addresses, as well.   Can
anyone help
        me to understand this?  Please forgive my newbie-ness.  Thanks for
any
        comments.

        Jeff...

        Jeffrey G. Gilbert
        Technology Program Manager
        San Joaquin Housing Authority
        Voice: (209) 460-5015
        FAX: (209) 460-5115

        -
        [To unsubscribe, send mail to [EMAIL PROTECTED] with
        "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to