UDP port 137 Question
DAVE NORDLUND
nordlund at ccstaff.cc.ukans.edu
Wed Jan 7 15:29:52 UTC 1998
> Date: Tue, 06 Jan 1998 16:43:27 -0500
> From: Eric Germann <ekgermann at cctec.com>
> Subject: Re: UDP port 137 Question
> To: d-nordlund at UKANS.EDU
> Cc: nanog at merit.edu
> One would hope the backbones aren't passing 255.255.255.255 around to come in
> via his Internet connection
One would hope........ !
But you can't assume!
>
>
>
> At 01:17 PM 1/6/98 +0000, DAVE NORDLUND wrote:
> >> Date: Tue, 06 Jan 1998 12:54:52 -0500 (EST)
> >> From: "C. Jon Larsen" <jlarsen at ford.ajtech.com>
> >> Subject: UDP port 137 Question
> >> To: nanog at merit.edu
> >
> >>
> >> Is there any *valid* reason to see UDP traffic directed at a unix box's
> >> port 137 coming from IP sources across the internet ? The unix servers in
> >> question are most definitely *not* running samba, and there is
> absolutely no
> >> NT anywhere on this customer's network (that is seeing the incoming UDP
> >> traffic directed at an IP destination address on port 137). (A couple of 95
> >> boxes scattered across an Ethernet comprise the Micro$oft part of the
> >> network). None of the 95 boxen are running any file or print serving
> (sharing)
> >> resources.
> >
> >Are you shure these don't have ip broadcast addresses on them? I've seen MS
> >UDP packets with 255.255.255.255 as the destination address if the WIN box
> >isn't set up reasonably.
> >>
> >> I can't think of any valid reason to see this traffic, personally.
> Anybody out
> >> there that can present a scenario where I would expect to see these UDP
> >> packets coming back in ?
> >>
> >> netbios-ns 137/tcp nbns
> >> netbios-ns 137/udp nbns
> >> netbios-dgm 138/tcp nbdgm
> >> netbios-dgm 138/udp nbdgm
> >> netbios-ssn 139/tcp nbssn
> >>
> >>
> >> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- C.
> >> Jon Larsen Email: jlarsen at ford.ajtech.com Systems Engineer
> >> Voice: +1.804.353.2800 x118 A&J Technologies
> >> http://www.ajtech.com
> >>
> >> PGP Key fingerprint: 8A 62 4C 6E 1E 3C CD 63 B3 16 1A 1B D2 61 EE 97
> >> PGP Public key available at: http://ford.ajtech.com/CJL.txt
> >> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> >>
> >>
> >
> >Dave Nordlund d-nordlund at ukans.edu
> >University of Kansas 913/864-0450
> >Computing Services FAX 913/864-0485
> >Lawrence, KS 66045 KANREN
> >
>
>
> ============================================================================
> ==== Eric Germann Computer and Communications Technologies
> ekgermann at cctec.com Van Wert, OH 45891
> Phone: 419 968 2640
> http://www.cctec.com Fax: 419 968 2641
>
> Network Design, Connectivity & System Integration Services
> A Microsoft Solution Provider
Dave Nordlund d-nordlund at ukans.edu
University of Kansas 913/864-0450
Computing Services FAX 913/864-0485
Lawrence, KS 66045 KANREN
More information about the NANOG
mailing list