One of my firewalls logs this message constantly. I know that an IIS web server (and mine are) will use NetBIOS for name resolution, so I blocked it outbound expecting that I would no longer receive the inbound deny messages. However, I still get them.
I tested access to the web server from the outside and ran a capture on the PIX - I got no deny 137's when I connect.
Could this be a distributed attack? Is there any other reason for these UDP packets? Can it be turned off directly at the server (without breaking file sharing access to the server from the inside)?
Thanks,
Heath