NetBIOS (UDP 137) causing "noise" in PIX Syslog

cdoyle
Level 1

Our PIX logs are loaded with deny reports regarding udp port 137 traffic coming from our Win Servers; it's making it difficult at times to spot other deny messages we need to be investigating.

Disabling NetBIOS over TCP/IP on the Servers is unfortunately not an option for us in this particular VLAN. The underlying infrastructure is a Catalyst 6500 Switch and we are wondering if there is a way, using its feature set, to filter the traffic inbound to the PIX's port. We would like to block UDP/137 at the port therefore dropping the unwanted packets before the PIX even sees them.

We've looked into VACLs but are only aware of their ability to ACL on MAC address, not higher level traffic. Being this PIX interface and the Servers are in the same Layer2 VLAN, we don't have a Layer3 interface we can leverage to apply an ACL to.

Is anyone else dealing with this issue? Any suggestions?

1 Accepted Solution

tvanginneken
Level 4

Hi,

To make the logging of NetBIOS disappear, you have the possibility to create an access list entry that matches the NetBIOS traffic and disables logging for that entry. At the end of the access-list entry just add "log disable".

This feature requires PIX OS v6.3.

Kind Regards,

Tom

Hi,

I have the same problem with PIX 6.2.

Any ideas?

Thank you for your information, Tom!

We plan to take your advice and upgrade to 6.3 in order to implement this solution.

Thanks again!

Craig
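
Where "log disable" cannot be used (the thread notes it requires PIX OS v6.3), the UDP/137 denies can instead be separated out when the logs are read. The following is an added example, not part of the thread or any Cisco code: it assumes the denies arrive as PIX messages 106023 or 106006 in the layouts shown in the sample, and the addresses and ACL name are constructed.

```python
import re
from collections import Counter

# Assumed PIX deny layouts (message IDs 106023 and 106006; not quoted in the thread).
DENY_ACL = re.compile(
    r"%PIX-\d-106023: Deny (?P<proto>\S+) src \S+?:(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)")
DENY_INBOUND = re.compile(
    r"%PIX-\d-106006: Deny inbound (?P<proto>\S+) from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+)")

NOISE = {("udp", 137)}  # NetBIOS name service, the traffic described in the thread


def triage(lines, noise=NOISE):
    """Split syslog lines into (kept, noise_counts).

    kept: every line that is not a deny for a (protocol, destination port) in
          `noise`, including lines that do not parse, so nothing is lost.
    noise_counts: per-source-IP count of the suppressed denies, so a host that
          suddenly gets much louder is still visible in the summary.
    """
    kept, noise_counts = [], Counter()
    for line in lines:
        m = DENY_ACL.search(line) or DENY_INBOUND.search(line)
        if m and (m["proto"].lower(), int(m["dport"])) in noise:
            noise_counts[m["src"]] += 1
        else:
            kept.append(line)
    return kept, noise_counts


# Constructed sample input: hostnames, addresses and ACL name are made up.
SAMPLE = [
    'Mar 03 10:15:01 pix1 %PIX-4-106023: Deny udp src inside:10.1.1.21/137 dst outside:10.1.1.255/137 by access-group "inside_in"',
    'Mar 03 10:15:02 pix1 %PIX-4-106023: Deny udp src inside:10.1.1.22/137 dst outside:10.1.1.255/137 by access-group "inside_in"',
    'Mar 03 10:15:03 pix1 %PIX-4-106023: Deny tcp src inside:10.1.1.21/3372 dst outside:192.0.2.10/445 by access-group "inside_in"',
    'Mar 03 10:15:04 pix1 %PIX-2-106006: Deny inbound UDP from 10.1.1.21/137 to 10.1.1.255/137 on interface inside',
    'Mar 03 10:15:05 pix1 %PIX-4-106023: Deny udp src inside:10.1.1.30/1025 dst outside:192.0.2.53/53 by access-group "inside_in"',
    'Mar 03 10:15:06 pix1 %PIX-5-111008: User enable_15 executed the write memory command',
]

if __name__ == "__main__":
    kept, counts = triage(SAMPLE)
    print("\n".join(kept))
    for src, n in counts.most_common():
        print(f"suppressed {n} UDP/137 denies from {src}")
```

Unlike "log disable", this leaves the messages in the raw syslog, so the per-source counts remain available if the NetBIOS traffic ever needs investigating.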
