Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Trojan horse and 678?

I am new at working with Cisco, so pardon me if I am missing the obvious.

I have a Cisco 678 router with NAT configured that keeps NATting the internal UDP 137 port to an outside port. I have tried deleting it with no success. Furthermore, each time I reboot, the outside port number changes.

In addition, there is an internal UDP port number, 35072 that keeps redirecting itself to the outside world to a different port each time I reboot.

This sure seems like a trojan horse to me. Anyone seen this before?

Thanks in advance,

Robert

2 REPLIES
Silver

Re: Trojan horse and 678?

UDP 137 is one of the MS netbios ports and it may be hitting your gateway and therefore PAT let it out. Setup an access list to block TCP and UDP 135-137 if you’re concerned about this. UDP 35072? I would sniff the packet to see what it is or just block it with an access list.

Community Member

Re: Trojan horse and 678?

Thomas,

Thanks. I'm going to need to set up the access list, because both UDP 137 and 35072 are consistently being generated by an NT server where there are no users physically logged on.

Thanks,

Robert

180
Views
0
Helpful
2
Replies
CreatePlease to create content