Re: UDP port 137 request outbound, need help!

tarun.pahuja · ‎12-02-2003

Folks,

My pix log shows that my workstation is sending requests on port 137(UDP) outbound to unresolved ip addresses. I am running sophos anit virus and ran it multiple times, what anti-trojan horse program i should try? what might be causing this? also, the same ip address my workstation is sending 137 requests to is trying to ping outside interface of my pix, how could they know my ip address?

here is the log:

outside:12.29.13.149 (unresolved) dst inside:12.26.44.131 (unresolved) (type 8, code 0) by access-group "0"

2003-12-02 15:25:54 Local4.Warning 10.1.1.254 %PIX-4-106023: Deny icmp src outside:12.29.13.149 (unresolved) dst inside:12.26.44.132 (unresolved) (type 8, code 0) by access-group "0"

2003-12-02 15:25:56 Local4.Warning 10.1.1.254 %PIX-4-106023: Deny udp src inside:10.1.1.100 (DSMITH) /137 dst outside:12.29.13.149 (unresolved) /137 by access-group "100"

2003-12-02 15:25:57 Local4.Warning 10.1.1.254 %PIX-4-106023: Deny udp src inside:10.1.1.100 (DSMITH) /137 dst outside:12.29.13.149 (unresolved) /137 by access-group "100"

mostiguy · ‎12-03-2003

Don't worry about it. It is workstations trying to directly resolve hostnames that they cannot resolve any other way

tarun.pahuja · ‎12-03-2003

Thanks for the feedback,

unfortunately the logs on the pix show me that the ip address that my workstation is trying to reach are unresolved, i checked whois database and they are unresolved ip address.

why would my workstation look for ip address which do not have a domanin name associated to them?

thanks