Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

deny inbound UDP x.x.x.x/137

One of my firewalls logs this message constantly. I know that an IIS web server (and mine are) will use netbios for name resolution, so I blocked it outbound expecting that I would no longer recieve the inbound deny messages. However, I still get them.

I tested access to the web server from the outside and ran a capture on the PIX - I got no deny 137's when I connect.

Could this be a distributed attack? Is there any other reaon for these UDP packets. Can it be turned off directly at the server (without breaking File sharing access to the server from the inside)?



New Member

Re: deny inbound UDP x.x.x.x/137

I don't know much about IIS, but all normal traffic to a web server should obviously be to ports 80 and 443. There is no reason to let any NetBIOS traffic pass in or out your network. This could be just a port scan to see if NetBIOS Name Service is running. Do a little detective work to see where these packets are coming from.

-- Rubio