lots of netbios (137) port logs 1

[cpeloso]

Hi,
it's about 2 month that my pix 515 logs a lot (about 400 a day) of port 137 udp connection requests from all over the world..
It's a kind of attack?
Or what?
ThankYou

 

[jonas21]

It probably is. People try to open shares that are open even from the internet....some windows (l)users have their whole hdd open. You should filter all incoming connections on port 137 to 139 tcp/udp.

 

[yizhar]

HI.

I get them also.
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[br0ck]

FYI
There are lots of netbios broadcasts that are advertisements targeting all the cable and DSL users who do not have a firewall It is the same a typing >net send in cmd if you have a system that is on the internet via DSL or Cable with out filtering you will see these messages that are from lose weight to bad sites and they look like a system message

Brock D. Mowry
Hardware Specialist

http://www.iNECTA.com

 

[mmcgurty]

Do you place an implicit deny rule on the PIX to keep these from coming across or is all unstated traffic from inbound connection already blocked?

 

[pixboy]

Unless you specifically opened port 137 for any of your IPs, it's being blocked by default. That's the beauty of a firewall -- everything is blocked unless you specify otherwise.