01-02-2002 11:03 AM - edited 03-01-2019 07:53 PM
I am new at working with Cisco, so pardon me if I am missing the obvious.
I have a Cisco 678 router with NAT configured that keeps NATting the internal UDP 137 port to an outside port. I have tried deleting it with no success. Furthermore, each time I reboot, the outside port number changes.
In addition, there is an internal UDP port number, 35072 that keeps redirecting itself to the outside world to a different port each time I reboot.
This sure seems like a trojan horse to me. Anyone seen this before?
Thanks in advance,
Robert
01-08-2002 01:07 PM
UDP 137 is one of the MS netbios ports and it may be hitting your gateway and therefore PAT let it out. Setup an access list to block TCP and UDP 135-137 if youre concerned about this. UDP 35072? I would sniff the packet to see what it is or just block it with an access list.
01-08-2002 01:24 PM
Thomas,
Thanks. I'm going to need to set up the access list, because both UDP 137 and 35072 are consistently being generated by an NT server where there are no users physically logged on.
Thanks,
Robert
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide