Date: Tue, 06 Jan 1998 12:17:47 -0800 (PST) From: Melody Yoon <melodyy@best.com> Subject: Re: UDP port 137 Question To: Bryce Ryan <brycer@organic.com> Cc: jlarsen@ford.ajtech.com, nanog@merit.edu
On Tue, 6 Jan 1998, Bryce Ryan wrote: [cut]
who was it that said, "never attribute to malice what can be explained by stupidity?"
no clue, but I like the quote. :)
we run a web farm and see requests directed at port 137 all the time on the web sites we host. i don't know for certain, but i assume it is some sort of internet explorer "feature" that is attempting to establish a CIFS connection to the web site. we ignore them anyway.
Hi Bryce. That's a possibility which I had not thought of.. However, to test it, I ran Explorer on some machines here (including IE4.0 for Sparc) and directed it my workstation here which is running apache. I've got snoop running monitoring port 137, and so far, I've gotten no hits from the machines running IE4 that are specifically directed to my Sparc (as per the scenario from the original poster). Due to the way our network is configured here, I don't have the ability to go over a router (we're on a Cat5k switch).
I believe that WIN95 will do the UDP to 137 only of both MS network and TCP/IP are configured. If you kill the MS network, that won't happen.
Could someone out there do a similiar test and double check my methods and see if I just did something wrong? :)
mel
Melody Lynn Yoon melodyy@best.com | Graduate - '97 MSF Senior SA - Taos Mountain Software, Santa Clara, CA | NRA Member -- I do not accept commercial, unsolicited email -- http://www.best.com/~melodyy/spam.policy.html
Dave Nordlund d-nordlund@ukans.edu University of Kansas 913/864-0450 Computing Services FAX 913/864-0485 Lawrence, KS 66045 KANREN