Home page logo
/

nanog logo nanog mailing list archives

Re: UDP port 137 Question
From: Charles Sprickman <spork () inch com>
Date: Tue, 6 Jan 1998 13:35:07 -0500 (EST)

Well, at least you're not alone:

    deny   udp any any eq netbios-ns (5479183 matches)
    deny   udp any any eq netbios-dgm (20345 matches)
    deny   udp any any eq 139 (414 matches)

    deny   tcp any any eq 139 (20446 matches)

No Windoze on this side...  How much garbage traffic is generated by MS
products anyhow?

~~~~~~~~~~                                      ~~~~~~~~~~~
Charles Sprickman                               Internet Channel
INCH System Administration Team                 (212)243-5200
spork () inch com                                       access () inch com

On Tue, 6 Jan 1998, C. Jon Larsen wrote:

Date: Tue, 6 Jan 1998 12:54:52 -0500 (EST)
From: "C. Jon Larsen" <jlarsen () ford ajtech com>
To: nanog () merit edu
Subject: UDP port 137 Question


Is there any *valid* reason to see UDP traffic directed at a unix box's
port 137 coming from IP sources across the internet ? The unix servers in
question are most definitely *not* running samba, and there is absolutely
no NT anywhere on this customer's network (that is seeing the incoming UDP
traffic directed at an IP destination address on port 137). (A couple
of 95 boxes scattered across an Ethernet comprise the Micro$oft part of
the network). None of the 95 boxen are running any file or print serving
(sharing) resources.

I can't think of any valid reason to see this traffic, personally. Anybody
out there that can present a scenario where I would expect to see these
UDP packets coming back in ?

netbios-ns      137/tcp         nbns
netbios-ns      137/udp         nbns
netbios-dgm     138/tcp         nbdgm
netbios-dgm     138/udp         nbdgm
netbios-ssn     139/tcp         nbssn


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
C. Jon Larsen             Email: jlarsen () ford ajtech com
Systems Engineer          Voice: +1.804.353.2800 x118
A&J Technologies          http://www.ajtech.com

PGP Key fingerprint: 8A 62 4C 6E 1E 3C CD 63  B3 16 1A 1B D2 61 EE 97
PGP Public key available at: http://ford.ajtech.com/CJL.txt
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]