Date: Tue, 06 Jan 1998 12:54:52 -0500 (EST) From: "C. Jon Larsen" <jlarsen@ford.ajtech.com> Subject: UDP port 137 Question To: nanog@merit.edu
Is there any *valid* reason to see UDP traffic directed at a unix box's port 137 coming from IP sources across the internet ? The unix servers in question are most definitely *not* running samba, and there is absolutely no NT anywhere on this customer's network (that is seeing the incoming UDP traffic directed at an IP destination address on port 137). (A couple of 95 boxes scattered across an Ethernet comprise the Micro$oft part of the network). None of the 95 boxen are running any file or print serving (sharing) resources.
Are you shure these don't have ip broadcast addresses on them? I've seen MS UDP packets with 255.255.255.255 as the destination address if the WIN box isn't set up reasonably.
I can't think of any valid reason to see this traffic, personally. Anybody out there that can present a scenario where I would expect to see these UDP packets coming back in ?
netbios-ns 137/tcp nbns netbios-ns 137/udp nbns netbios-dgm 138/tcp nbdgm netbios-dgm 138/udp nbdgm netbios-ssn 139/tcp nbssn
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- C. Jon Larsen Email: jlarsen@ford.ajtech.com Systems Engineer Voice: +1.804.353.2800 x118 A&J Technologies http://www.ajtech.com
PGP Key fingerprint: 8A 62 4C 6E 1E 3C CD 63 B3 16 1A 1B D2 61 EE 97 PGP Public key available at: http://ford.ajtech.com/CJL.txt =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Dave Nordlund d-nordlund@ukans.edu University of Kansas 913/864-0450 Computing Services FAX 913/864-0485 Lawrence, KS 66045 KANREN