One of my firewalls logs this message constantly. I know that an IIS web server (and mine are) will use netbios for name resolution, so I blocked it outbound expecting that I would no longer recieve the inbound deny messages. However, I still get them.
I tested access to the web server from the outside and ran a capture on the PIX - I got no deny 137's when I connect.
Could this be a distributed attack? Is there any other reaon for these UDP packets. Can it be turned off directly at the server (without breaking File sharing access to the server from the inside)?
I don't know much about IIS, but all normal traffic to a web server should obviously be to ports 80 and 443. There is no reason to let any NetBIOS traffic pass in or out your network. This could be just a port scan to see if NetBIOS Name Service is running. Do a little detective work to see where these packets are coming from.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...