Carl,
No - you'll get that. It's normally IIS servers trying to "look up" IP
addresses that connect to them. Are these real IP addresses that might be
computers running WWW browsers?
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
-----Original Message-----
From: Carl E. Mankinen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 03, 2001 8:05 AM
To: firewall discussion list
Subject: Re: lots of port 137 in deny log
What I am seeing is inbound nbname connections to IP addresses all over my
CIDR block.
Not to addresses that would have ever been resolved by external DNS etc.
I would think this would indicate malicious intent.
----- Original Message -----
From: [EMAIL PROTECTED]
To: Dave Vogler
Cc: firewall discussion list ; [EMAIL PROTECTED]
Sent: Wednesday, May 02, 2001 4:13 PM
Subject: Re: lots of port 137 in deny log
Because Microsoft implements NETBIOS over TCP by default and most people
don't know effort to turn it off. Consequently you have all kinds of
systems trying to find out about the "Nework Neighborhood" they are attached
to.
-- Bill Stackpole, CISSP
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
