
deny inbound UDP x.x.x.x/137

HEATH FREEL
Level 1

One of my firewalls logs this message constantly. I know that an IIS web server (and mine are) will use NetBIOS for name resolution, so I blocked it outbound expecting that I would no longer receive the inbound deny messages. However, I still get them.

I tested access to the web server from the outside and ran a capture on the PIX - I got no deny 137's when I connect.

Could this be a distributed attack? Is there any other reason for these UDP packets? Can it be turned off directly at the server (without breaking file sharing access to the server from the inside)?

Thanks,

Heath

1 Reply

jtnim
Level 1

I don't know much about IIS, but all normal traffic to a web server should obviously be to ports 80 and 443. There is no reason to let any NetBIOS traffic pass in or out of your network. This could be just a port scan to see if NetBIOS Name Service is running. Do a little detective work to see where these packets are coming from.

-- Rubio
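
One way to do the detective work suggested in the reply above, as an added example that is not part of the original thread: tally the denied UDP/137 packets by source address and count how many inside addresses each source touched. The full log line shape ("from src/port to dst/port") is an assumption, since the thread shows only the abbreviated message; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumed line shape: the thread only shows "deny inbound UDP x.x.x.x/137".
DENY_RE = re.compile(
    r"Deny inbound UDP from (?P<src>\d+\.\d+\.\d+\.\d+)/(?P<sport>\d+) "
    r"to (?P<dst>\d+\.\d+\.\d+\.\d+)/(?P<dport>\d+)"
)

# Constructed sample log (documentation address ranges), not taken from the thread.
SAMPLE_LOG = """\
Mar 01 10:00:01 fw %PIX-2-106006: Deny inbound UDP from 198.51.100.7/137 to 192.0.2.10/137 on interface outside
Mar 01 10:00:04 fw %PIX-2-106006: Deny inbound UDP from 198.51.100.7/137 to 192.0.2.10/137 on interface outside
Mar 01 10:00:09 fw %PIX-2-106006: Deny inbound UDP from 203.0.113.44/1029 to 192.0.2.10/137 on interface outside
Mar 01 10:00:12 fw %PIX-2-106006: Deny inbound UDP from 198.51.100.7/137 to 192.0.2.11/137 on interface outside
Mar 01 10:00:15 fw %PIX-2-106006: Deny inbound UDP from 203.0.113.90/137 to 192.0.2.10/137 on interface outside
Mar 01 10:00:20 fw %PIX-2-106006: Deny inbound UDP from 203.0.113.44/4000 to 192.0.2.10/53 on interface outside
Mar 01 10:00:22 fw unrelated line that the parser must skip
"""

def summarize_denies(log_text, dport=137):
    """Return (hits per source, set of destinations per source) for one port."""
    per_source = Counter()
    targets = {}
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or int(m["dport"]) != dport:
            continue  # not a deny line, or a deny for some other port
        per_source[m["src"]] += 1
        targets.setdefault(m["src"], set()).add(m["dst"])
    return per_source, targets

def report(log_text, dport=137):
    """Rows of (source, hits, distinct destinations), busiest source first."""
    per_source, targets = summarize_denies(log_text, dport)
    rows = [(src, hits, len(targets[src])) for src, hits in per_source.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for src, hits, ndst in report(SAMPLE_LOG):
        print(f"{src:15}  hits={hits:<4} distinct_targets={ndst}")
```

A single source walking across several inside addresses reads differently from many unrelated sources each sending a packet or two to one server, and the per-source rows make that difference visible before any lookup of who owns the addresses.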