UDP port 137 Question
DAVE NORDLUND
nordlund at ccstaff.cc.ukans.edu
Tue Jan 6 13:17:01 UTC 1998
> Date: Tue, 06 Jan 1998 12:54:52 -0500 (EST)
> From: "C. Jon Larsen" <jlarsen at ford.ajtech.com>
> Subject: UDP port 137 Question
> To: nanog at merit.edu
>
> Is there any *valid* reason to see UDP traffic directed at a unix box's
> port 137 coming from IP sources across the internet ? The unix servers in
> question are most definitely *not* running samba, and there is absolutely no
> NT anywhere on this customer's network (that is seeing the incoming UDP
> traffic directed at an IP destination address on port 137). (A couple of 95
> boxes scattered across an Ethernet comprise the Micro$oft part of the
> network). None of the 95 boxen are running any file or print serving (sharing)
> resources.
Are you shure these don't have ip broadcast addresses on them? I've seen
MS UDP packets with 255.255.255.255 as the destination address if the
WIN box isn't set up reasonably.
>
> I can't think of any valid reason to see this traffic, personally. Anybody out
> there that can present a scenario where I would expect to see these UDP
> packets coming back in ?
>
> netbios-ns 137/tcp nbns
> netbios-ns 137/udp nbns
> netbios-dgm 138/tcp nbdgm
> netbios-dgm 138/udp nbdgm
> netbios-ssn 139/tcp nbssn
>
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> C. Jon Larsen Email: jlarsen at ford.ajtech.com
> Systems Engineer Voice: +1.804.353.2800 x118
> A&J Technologies http://www.ajtech.com
>
> PGP Key fingerprint: 8A 62 4C 6E 1E 3C CD 63 B3 16 1A 1B D2 61 EE 97
> PGP Public key available at: http://ford.ajtech.com/CJL.txt
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
>
Dave Nordlund d-nordlund at ukans.edu
University of Kansas 913/864-0450
Computing Services FAX 913/864-0485
Lawrence, KS 66045 KANREN
More information about the NANOG
mailing list