Because Microsoft implements NETBIOS over TCP by default and most people don't know effort to turn it off. Consequently you have all kinds of systems trying to find out about the "Network Neighborhood" they are attached to.
-- Bill Stackpole, CISSP
Dave Vogler <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
05/02/01 10:49 AM
To: firewall discussion list <[EMAIL PROTECTED]>
cc:
Subject: lots of port 137 in deny log

Hi all,
With all of your help, I've managed to implement a basic internet
firewall on my Cisco router via ACL. I'm logging my denied packets, and
I notice the most frequently denied packet is udp on port 137. I
thought 137 was part of netbios- why are there so many of these? They
appear to have been bound for Macs as well as NTs inside the LAN. About
4-5 an hour for a LAN of 25 computers.
Thanks,
Dave
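
An added example, not part of the original thread: a small tally of ACL deny-log entries that separates NetBIOS traffic (udp/137, udp/138, tcp/139) from other denied packets and shows the hourly rate and top sources. The log lines are constructed, modelled on the Cisco IOS `%SEC-6-IPACCESSLOGP` message format, and the addresses and ACL number are placeholders.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the Cisco IOS %SEC-6-IPACCESSLOGP
# format; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
May  2 09:02:11: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.23(137) -> 192.0.2.14(137), 1 packet
May  2 09:17:40: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.77(1028) -> 192.0.2.31(137), 1 packet
May  2 09:31:05: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(4312) -> 192.0.2.14(139), 1 packet
May  2 09:48:52: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.23(137) -> 192.0.2.40(137), 3 packets
May  2 10:05:19: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.200(3120) -> 192.0.2.5(80), 1 packet
"""

# NetBIOS-over-TCP/IP services: name service, datagram service, session service.
NETBIOS = {("udp", 137): "netbios-ns", ("udp", 138): "netbios-dgm", ("tcp", 139): "netbios-ssn"}

LINE_RE = re.compile(
    r"(?P<hour>\d{2}):\d{2}:\d{2}: %SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def summarize(log_text):
    """Return (packets per (proto, dport), NetBIOS packets per hour, NetBIOS packets per source)."""
    by_service, per_hour, sources = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an ACL deny entry in the assumed format
        key = (m["proto"], int(m["dport"]))
        packets = int(m["count"])  # IOS aggregates repeated hits into one line
        by_service[key] += packets
        if key in NETBIOS:
            per_hour[m["hour"]] += packets
            sources[m["src"]] += packets
    return by_service, per_hour, sources

if __name__ == "__main__":
    by_service, per_hour, sources = summarize(SAMPLE_LOG)
    for (proto, port), n in by_service.most_common():
        print(f"{proto}/{port:<5} {NETBIOS.get((proto, port), 'other'):<12} {n} packets")
    print("NetBIOS denies per hour:", dict(per_hour))
    print("Top NetBIOS sources:", sources.most_common(3))
```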
