UDP port 137 Question

Melody Yoon melodyy at best.com
Tue Jan 6 19:10:45 UTC 1998

On Tue, 6 Jan 1998, C. Jon Larsen wrote:

> Is there any *valid* reason to see UDP traffic directed at a unix box's
> port 137 coming from IP sources across the internet ? The unix servers in
> question are most definitely *not* running samba, and there is absolutely
> no NT anywhere on this customer's network (that is seeing the incoming UDP
> traffic directed at an IP destination address on port 137). (A couple
> of 95 boxes scattered across an Ethernet comprise the Micro$oft part of
> the network). None of the 95 boxen are running any file or print serving
> (sharing) resources.
[stuff cut]

Hi Jon. If memory serves, Netbios nameservices are generally only on the
same segment unless you have an NT/Samba server somewhere... As it is, it
should *NOT* be directed at your Unix boxes and definately not coming
across the Internet. My guess is that someone may be attempting a bad OOB
data attack on port 137 thinking that your Unix box is some type of PC.


Melody Lynn Yoon      melodyy at best.com              | Graduate - '97 MSF
Senior SA - Taos Mountain Software, Santa Clara, CA | NRA Member
-- I do not accept commercial, unsolicited email
-- http://www.best.com/~melodyy/spam.policy.html

More information about the NANOG mailing list