Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Netbios 137/138 through ASA- UDP request discard logs

Hi,

I am getting lot of UDP request discarded from 10.145.0.66/138 to outside 10.145.0.255/138(Log message ID 710005).

I herewith attaching the config file.

Appreciate your early response.

Regards / Ramesh M

7 REPLIES
Super Bronze

Netbios 137/138 through ASA- UDP request discard logs

Hi,

As with your other discussion, this seems to be broadcast traffic related to Netbios that stops at the firewall as expected.

- Jouni

New Member

Re: Netbios 137/138 through ASA- UDP request discard logs

Hi

From where the traffic initiated/ reason for this error. Why this netbios traffic to be broadcat.

Also the source and destinations are in the same interface.

Please siggest

Regards / Ramesh M

Super Bronze

Netbios 137/138 through ASA- UDP request discard logs

Hi,

The traffic is initiated from the host mentioned in the log message (10.145.0.66)  and the broadcast is naturally destined for the broadcast address (10.145.0.255) of that subnet as you can see from the log message also. The source and destination are naturally on the same network as broadcast traffic wont go beyond the first L3 hop (router hop) in the network.

I dont know the operation of Netbios enough to give you a good explanation but to my understanding in Windows host networks if no separate name server is used the operation is based on broadcast traffic.

In your case the ASA naturally sees this traffic as its broadcast traffic and drops it as expected.

- Jouni

New Member

Netbios 137/138 through ASA- UDP request discard logs

Hi

Still I am gettng huge number of discard traffic,

Is any chance of port scanning/ attack/ botnet

Super Bronze

Netbios 137/138 through ASA- UDP request discard logs

Hi,

If you have your Windows host on a switch network and their gateway is the ASA then you will keep seeing these messages from multiple devices.

These messages are not port scanning. They are just typical broadcast traffic from the Windows hosts.

- Jouni

New Member

Netbios 137/138 through ASA- UDP request discard logs

Hi,

Is it possible to disable the netbios port 137 and 138 on server. will it cause any impact.

Please suggest.

Regards / Ramesh M

Netbios 137/138 through ASA- UDP request discard logs

Hello,

Are you using DHCP on your network?

You can do this via DHCP.

Or manually

  1. From the Start menu, right-click My Computer, and then click Manage.
  2. Expand System Tools, and then clear the Device Manager check box.
  3. Right-click Device Manager, point to View, and then select Show hidden devices.
  4. Expand Non-Plug and Play Drivers.
  5. Right-click NetBios over TCP/IP, and then click Disable.

This disables the SMB direct host listener on

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
1219
Views
0
Helpful
7
Replies