Me also confused with this log message. If you compare the Syslog message from firewall and the documentation, even the numbers are same (ie 106011) the Prefixes are different(ie syslog levels are different). One is level 3 and another one is 7.
If you come across the solution please let me know.
It is probably a windows box who is trying to resolve the name of that machine via a directed Netbios query for some reason. Does 22.214.171.124 offer any services to the outside world? Is it part of a global or static pool?
Since the IP is in use, it probably just a directed netbios name query.
If you want to see exactly what I am talking about, install ethereal on a windows machine. Start a capture, and open a command prompt.
type nbtstat -a ip.address
You should see in ethereal the UDP based netbios nameservice requests go out.
WIndows tries these when other name resolution methods fail. A lot of sites block all outbound netbios traffic, so that is why you don't see more of them.
Do you have reverse dns entries for those ip addresses? That may be a contributing factor - when http requests go from that ip to a windows server, and it tries to log it, and do a reverse dns lookup, if that fails, windows might try the directed NBNS query
I have received similar type messages - more than likely you are being port scanned from a remote host trying to gain access to your network. Since it is UDP it is probably spoofed - so you will not be able to trace to it. It is a form of DDOS attack.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...