Home page logo

nanog logo nanog mailing list archives

Re: UDP port 137 Question
From: DAVE NORDLUND <nordlund () ccstaff cc ukans edu>
Date: Wed, 7 Jan 1998 15:27:44 CST-600

Date:          Tue, 06 Jan 1998 12:17:47 -0800 (PST)
From:          Melody Yoon <melodyy () best com>
Subject:       Re: UDP port 137 Question
To:            Bryce Ryan <brycer () organic com>
Cc:            jlarsen () ford ajtech com, nanog () merit edu

On Tue, 6 Jan 1998, Bryce Ryan wrote:
who was it that said, "never attribute to malice what can be explained by

no clue, but I like the quote. :)

we run a web farm and see requests directed at port 137 all the time on the
web sites we host.  i don't know for certain, but i assume it is some sort
of internet explorer "feature" that is attempting to establish a CIFS
connection to the web site.  we ignore them anyway. 

Hi Bryce. That's a possibility which I had not thought of.. However, to
test it, I ran Explorer on some machines here (including IE4.0 for Sparc) and
directed it my workstation here which is running apache. I've got snoop
running monitoring port 137, and so far, I've gotten no hits from the machines
running IE4 that are specifically directed to my Sparc (as per the scenario
from the original poster). Due to the way our network is configured here, I
don't have the ability to go over a router (we're on a Cat5k switch).

I believe that WIN95 will do the UDP to 137 only of both MS network and
TCP/IP are configured.  If you kill the MS network, that won't happen.

Could someone out there do a similiar test and double check my methods and see
if I just did something wrong? :)


Melody Lynn Yoon      melodyy () best com              | Graduate - '97 MSF
Senior SA - Taos Mountain Software, Santa Clara, CA | NRA Member
-- I do not accept commercial, unsolicited email
-- http://www.best.com/~melodyy/spam.policy.html

Dave Nordlund               d-nordlund () ukans edu
University of Kansas        913/864-0450
Computing Services          FAX 913/864-0485
Lawrence, KS  66045         KANREN

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]