https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370352#M307491 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>Still I am gettng huge number of discard traffic, </P><P></P><P>Is any chance of port scanning/ attack/ botnet</P></BODY></HTML> Sat, 07 Dec 2013 16:12:33 GMT Ramesh M 2013-12-07T16:12:33Z https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370348#M307485 <P>Hi,</P><P></P><P>I am getting lot of UDP request discarded from 10.145.0.66/138 to outside 10.145.0.255/138(Log message ID 710005).</P><P>I <SPAN style="font-size: 10pt;">herewith attaching the config file.</SPAN></P><P>Appreciate your early response.</P><P></P><P>Regards / Ramesh M</P> Tue, 12 Mar 2019 03:14:27 GMT https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370348#M307485 Ramesh M 2019-03-12T03:14:27Z https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370349#M307488 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>As with your other discussion, this seems to be broadcast traffic related to Netbios that stops at the firewall as expected.</P><P></P><P>- Jouni</P></BODY></HTML> Sat, 07 Dec 2013 11:57:44 GMT https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370349#M307488 Jouni Forss 2013-12-07T11:57:44Z https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370350#M307489 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>From where the traffic initiated/ reason for this error. Why this netbios traffic to be broadcat.</P><P>Also the source and destinations are in the <SPAN style="font-size: 10pt;">same interface.</SPAN></P><P></P><P></P><P>Please siggest</P><P></P><P>Regards / Ramesh M</P></BODY></HTML> Sat, 07 Dec 2013 13:33:02 GMT https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370350#M307489 Ramesh M 2013-12-07T13:33:02Z https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370351#M307490 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The traffic is initiated from the host mentioned in the log message (10.145.0.66)&nbsp; and the broadcast is naturally destined for the broadcast address (10.145.0.255) of that subnet as you can see from the log message also. The source and destination are naturally on the same network as broadcast traffic wont go beyond the first L3 hop (router hop) in the network.</P><P></P><P>I dont know the operation of Netbios enough to give you a good explanation but to my understanding in Windows host networks if no separate name server is used the operation is based on broadcast traffic.</P><P></P><P>In your case the ASA naturally sees this traffic as its broadcast traffic and drops it as expected.</P><P></P><P>- Jouni</P></BODY></HTML> Sat, 07 Dec 2013 13:48:24 GMT https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370351#M307490 Jouni Forss 2013-12-07T13:48:24Z https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370352#M307491 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>Still I am gettng huge number of discard traffic, </P><P></P><P>Is any chance of port scanning/ attack/ botnet</P></BODY></HTML> Sat, 07 Dec 2013 16:12:33 GMT https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370352#M307491 Ramesh M 2013-12-07T16:12:33Z https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370353#M307492 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If you have your Windows host on a switch network and their gateway is the ASA then you will keep seeing these messages from multiple devices.</P><P></P><P>These messages are not port scanning. They are just typical broadcast traffic from the Windows hosts.</P><P></P><P>- Jouni</P></BODY></HTML> Sat, 07 Dec 2013 16:15:25 GMT https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370353#M307492 Jouni Forss 2013-12-07T16:15:25Z https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370354#M307499 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Is it possible to disable the netbios port 137 and 138 on server. will it cause any impact.</P><P></P><P>Please suggest.</P><P></P><P>Regards / Ramesh M</P></BODY></HTML> Sun, 08 Dec 2013 08:36:22 GMT https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370354#M307499 Ramesh M 2013-12-08T08:36:22Z https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370355#M307501 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Are you using DHCP on your network?</P><P></P><P>You can do this via DHCP.</P><P></P><P></P><P>Or manually</P><P></P><OL style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; margin: 0px 0px 1.625em 2.5em; vertical-align: baseline; color: #373737; line-height: 24px; background-color: #ffffff;"><LI>From the <STRONG style="font-family: inherit; font-style: inherit; vertical-align: baseline;">Start</STRONG> menu, right-click <STRONG style="font-family: inherit; font-style: inherit; vertical-align: baseline;">My Computer</STRONG>, and then click <STRONG style="font-family: inherit; font-style: inherit; vertical-align: baseline;">Manage</STRONG>.</LI><LI>Expand <STRONG style="font-family: inherit; font-style: inherit; vertical-align: baseline;">System Tools</STRONG>, and then clear the <STRONG style="font-family: inherit; font-style: inherit; vertical-align: baseline;">Device Manager</STRONG> check box.</LI><LI>Right-click <STRONG style="font-family: inherit; font-style: inherit; vertical-align: baseline;">Device Manager</STRONG>, point to <STRONG style="font-family: inherit; font-style: inherit; vertical-align: baseline;">View</STRONG>, and then select <STRONG style="font-family: inherit; font-style: inherit; vertical-align: baseline;">Show hidden devices</STRONG>.</LI><LI>Expand <STRONG style="font-family: inherit; font-style: inherit; vertical-align: baseline;">Non-Plug and Play Drivers</STRONG>.</LI><LI>Right-click <STRONG style="font-family: inherit; font-style: inherit; vertical-align: baseline;">NetBios over TCP/IP</STRONG>, and then click <STRONG style="font-family: inherit; font-style: inherit; vertical-align: baseline;">Disable</STRONG>.</LI></OL><P style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; margin: 0px 0px 1.625em; vertical-align: baseline; color: #373737; line-height: 24px; background-color: #ffffff;">This disables the SMB direct host listener on </P><P></P><P></P><P></P><P></P><P>Rate all of the helpful posts!!! <BR /> <BR />Regards, <BR /> <BR />Jcarvaja <BR /> <BR /><SPAN>Follow me on </SPAN><A class="jive-link-external-small" href="http://laguiadelnetworking.com">http://laguiadelnetworking.com</A></P></BODY></HTML> Sun, 08 Dec 2013 20:06:53 GMT https://community.cisco.com/t5/network-security/netbios-137-138-through-asa-udp-request-discard-logs/m-p/2370355#M307501 Julio Carvajal 2013-12-08T20:06:53Z