Home page logo
/

nanog logo nanog mailing list archives

Re: UDP port 137 Question
From: DAVE NORDLUND <nordlund () ccstaff cc ukans edu>
Date: Wed, 7 Jan 1998 15:29:52 CST-600

Date:          Tue, 06 Jan 1998 16:43:27 -0500
From:          Eric Germann <ekgermann () cctec com>
Subject:       Re: UDP port 137 Question
To:            d-nordlund () UKANS EDU
Cc:            nanog () merit edu

One would hope the backbones aren't passing 255.255.255.255 around to come in
via his Internet connection

One would hope........ !

But you can't assume!



At 01:17 PM 1/6/98 +0000, DAVE NORDLUND wrote:
Date:          Tue, 06 Jan 1998 12:54:52 -0500 (EST)
From:          "C. Jon Larsen" <jlarsen () ford ajtech com>
Subject:       UDP port 137 Question
To:            nanog () merit edu


Is there any *valid* reason to see UDP traffic directed at a unix box's
port 137 coming from IP sources across the internet ? The unix servers in
question are most definitely *not* running samba, and there is
absolutely no
NT anywhere on this customer's network (that is seeing the incoming UDP
traffic directed at an IP destination address on port 137). (A couple of 95
boxes scattered across an Ethernet comprise the Micro$oft part of the
network). None of the 95 boxen are running any file or print serving
(sharing)
resources.

Are you shure these don't have ip broadcast addresses on them?  I've seen MS
UDP packets with 255.255.255.255 as the destination address if the WIN box
isn't set up reasonably.

I can't think of any valid reason to see this traffic, personally.
Anybody out
there that can present a scenario where I would expect to see these UDP
packets coming back in ?

netbios-ns      137/tcp         nbns
netbios-ns      137/udp         nbns
netbios-dgm     138/tcp         nbdgm
netbios-dgm     138/udp         nbdgm
netbios-ssn     139/tcp         nbssn


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- C.
Jon Larsen             Email: jlarsen () ford ajtech com Systems Engineer     
    Voice: +1.804.353.2800 x118 A&J Technologies         
http://www.ajtech.com

PGP Key fingerprint: 8A 62 4C 6E 1E 3C CD 63  B3 16 1A 1B D2 61 EE 97
PGP Public key available at: http://ford.ajtech.com/CJL.txt
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



Dave Nordlund               d-nordlund () ukans edu
University of Kansas        913/864-0450
Computing Services          FAX 913/864-0485
Lawrence, KS  66045         KANREN



============================================================================
==== Eric Germann                             Computer and Communications Technologies
ekgermann () cctec com                        Van Wert, OH 45891
     Phone:   419 968 2640
http://www.cctec.com                  Fax:    419 968 2641

Network Design, Connectivity & System Integration Services 
A Microsoft Solution Provider                                 

Dave Nordlund               d-nordlund () ukans edu
University of Kansas        913/864-0450
Computing Services          FAX 913/864-0485
Lawrence, KS  66045         KANREN


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault