Can someone recommend a resource where I might be able to find answer to my
previous post? Possibly a security mailing list or FAQ? Thanks
Jeff...
Jeffrey G. Gilbert
Technology Program Manager
San Joaquin Housing Authority
Voice: (209) 460-5015
FAX: (209) 460-5115
-----Original Message-----
From: Jeffrey Gilbert [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, February 29, 2000 10:45 AM
To: [EMAIL PROTECTED]
Subject: 137 and Packet Filter
Hello, I am hoping someone can explain for me the following
(sanitized)
packet filter log entries I am getting:
2000-02-29 05:53:35.000 10.1.1.146 192.168.0.1 137 137 Udp - 0
207.212.x.x
2000-02-29 05:53:35.000 207.212.x.x 192.168.0.1 137 137 Udp - 0
207.212.x.x
2000-02-29 05:53:35.000 10.1.1.20 192.168.0.1 137 137 Udp - 0
207.212.x.x
2000-02-29 05:53:37.000 10.1.1.20 192.168.0.1 137 137 Udp - 0
207.212.x.x
2000-02-29 05:53:37.000 207.212.x.x 192.168.0.1 137 137 Udp - 0
207.212.x.x
2000-02-29 05:53:37.000 10.1.1.146 192.168.0.1 137 137 Udp - 0
207.212.x.x
This was generated from my MS Proxy Packet Filter log. The
10.1.1.20 IP is
my Proxys inside (Private) address, the 10.1.1.146 is one of 10 DHCP
Pool
addresses reserved by my MS-RAS/VPN setup on the proxy. All of the
packets
were dropped.
What I see from this log is that I am originating NetBios Name
packets to
this address from 3 of the addresses on my Proxy. 1 public address,
my
private address, and a VPN address. I have all NetBios / WINS
services
unbound from the outside interface. I don't know of any internal
reason for
these packets; nothing on my external interface should be
advertising over
137 (should it?) - especially not to a specific address. I have
tried to
track down the destination address to no avail. I am getting these
types of
log entries directed to many different addresses, as well. Can
anyone help
me to understand this? Please forgive my newbie-ness. Thanks for
any
comments.
Jeff...
Jeffrey G. Gilbert
Technology Program Manager
San Joaquin Housing Authority
Voice: (209) 460-5015
FAX: (209) 460-5115
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]