Carl,
There are numerous netbios based scanner out there so "malicious intent" it certainly a possibility. But, I had a similar problem on a firewall I was administering. I traced it back to a company on the same ISP segment I was on that had netbios enabled on their web and proxy servers. These two servers accounted for 700-800 port 137 denies every day. It was interesting to watch because they would first try specific addresses, then broadcast addresses then class B broadcasts.
It's interesting to monitor segments with NT boxes on them. Even when you set up security controls on the interfaces to block everything but TCP/IP, they still send our mailbox queries and other garbage. Go figure.
-- Bill Stackpole, CISSP
- lots of port 137 in deny log Dave Vogler
- Re: lots of port 137 in deny log Carl E. Mankinen
- Re: lots of port 137 in deny log William . Stackpole
- Re: lots of port 137 in deny log Dave Vogler
- Re: lots of port 137 in deny log Carl E. Mankinen
- RE: lots of port 137 in deny log William . Stackpole
- RE: lots of port 137 in deny log Carl E. Mankinen
- RE: lots of port 137 in deny log Ben Nagy
- RE: lots of port 137 in deny log Carl E. Mankinen
- RE: lots of port 137 in deny log Crumrine, Gary L
- RE: lots of port 137 in deny log Ron DuFresne
- Re: lots of port 137 in deny log Dan Riley
- RE: lots of port 137 in deny log Li, John
