
Trojan horse and 678?

robertt
Level 1

I am new at working with Cisco, so pardon me if I am missing the obvious.

I have a Cisco 678 router with NAT configured that keeps NATting the internal UDP 137 port to an outside port. I have tried deleting it with no success. Furthermore, each time I reboot, the outside port number changes.

In addition, there is an internal UDP port number, 35072, that keeps redirecting itself to the outside world to a different port each time I reboot.

This sure seems like a trojan horse to me. Anyone seen this before?

Thanks in advance,

Robert

2 Replies

thomas.chen
Level 6

UDP 137 is one of the MS NetBIOS ports and it may be hitting your gateway and therefore PAT lets it out. Set up an access list to block TCP and UDP 135-137 if you’re concerned about this. UDP 35072? I would sniff the packet to see what it is or just block it with an access list.

Thomas,

Thanks. I'm going to need to set up the access list, because both UDP 137 and 35072 are consistently being generated by an NT server where there are no users physically logged on.

Thanks,

Robert
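An added example, not part of the original thread: once a UDP 137 packet has been captured, as the reply above suggests, its payload can be decoded to see which NetBIOS name the server is querying or registering. The parser follows the NetBIOS Name Service layout from RFC 1001/1002; the function names are hypothetical and the sample packet and host name are constructed for illustration.

```python
import struct

# NetBIOS suffix byte (16th byte of the name) -> common meaning
SUFFIXES = {0x00: "workstation", 0x03: "messenger", 0x20: "file server",
            0x1B: "domain master browser", 0x1C: "domain controllers",
            0x1D: "master browser"}
OPCODES = {0: "query", 5: "registration", 6: "release", 7: "WACK", 8: "refresh"}


def encode_name(name, suffix):
    """First-level encode a NetBIOS name (RFC 1001): two letters per byte."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))


def decode_name(encoded):
    """Reverse the encoding: each pair of letters 'A'..'P' is one byte."""
    if len(encoded) != 32 or any(not 0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]


def parse_nbns(payload):
    """Summarise the first question in a UDP 137 payload."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte NBNS header")
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1 or len(payload) < 12 + 1 + 32 + 1 + 4 or payload[12] != 0x20:
        raise ValueError("no well-formed question section")
    name, suffix = decode_name(payload[13:45])
    return {"txid": txid,
            "response": bool(flags & 0x8000),
            "opcode": OPCODES.get((flags >> 11) & 0xF, "unknown"),
            "broadcast": bool(flags & 0x0010),
            "name": name,
            "suffix": SUFFIXES.get(suffix, hex(suffix))}


# Constructed sample: a broadcast name query for the made-up name FILESRV01<20>.
SAMPLE = (struct.pack("!HHHHHH", 0x1A2B, 0x0110, 1, 0, 0, 0)
          + b"\x20" + encode_name("FILESRV01", 0x20) + b"\x00"
          + struct.pack("!HH", 0x0020, 0x0001))

if __name__ == "__main__":
    print(parse_nbns(SAMPLE))
```

A payload that fails these checks is not a plain NetBIOS name query or registration and warrants a closer look in the capture.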
