12-02-2003 03:06 PM - edited 03-09-2019 05:43 AM
Folks,
My PIX log shows that my workstation is sending requests on port 137 (UDP) outbound to unresolved IP addresses. I am running Sophos antivirus and ran it multiple times; what anti-Trojan horse program should I try? What might be causing this? Also, the same IP address my workstation is sending 137 requests to is trying to ping the outside interface of my PIX. How could they know my IP address?
Here is the log:
outside:12.29.13.149 (unresolved) dst inside:12.26.44.131 (unresolved) (type 8, code 0) by access-group "0"
2003-12-02 15:25:54 Local4.Warning 10.1.1.254 %PIX-4-106023: Deny icmp src outside:12.29.13.149 (unresolved) dst inside:12.26.44.132 (unresolved) (type 8, code 0) by access-group "0"
2003-12-02 15:25:56 Local4.Warning 10.1.1.254 %PIX-4-106023: Deny udp src inside:10.1.1.100 (DSMITH) /137 dst outside:12.29.13.149 (unresolved) /137 by access-group "100"
2003-12-02 15:25:57 Local4.Warning 10.1.1.254 %PIX-4-106023: Deny udp src inside:10.1.1.100 (DSMITH) /137 dst outside:12.29.13.149 (unresolved) /137 by access-group "100"
12-03-2003 10:22 AM
Don't worry about it. It is workstations trying to directly resolve hostnames that they cannot resolve any other way.
12-03-2003 12:00 PM
Thanks for the feedback.
Unfortunately, the logs on the PIX show me that the IP addresses that my workstation is trying to reach are unresolved. I checked the whois database and they are unresolved IP addresses.
Why would my workstation look for IP addresses which do not have a domain name associated with them?
Thanks
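An added example, not part of the thread: a small Python parser for the `%PIX-4-106023` deny lines posted above that groups them by outside address, so denied inbound traffic and denied outbound UDP/137 involving the same peer show up side by side. The function names are hypothetical, and the sample input is the three complete lines copied from the first post.

```python
import re
from collections import defaultdict

# The three complete deny lines from the log in the first post.
SAMPLE_LOG = '''\
2003-12-02 15:25:54 Local4.Warning 10.1.1.254 %PIX-4-106023: Deny icmp src outside:12.29.13.149 (unresolved) dst inside:12.26.44.132 (unresolved) (type 8, code 0) by access-group "0"
2003-12-02 15:25:56 Local4.Warning 10.1.1.254 %PIX-4-106023: Deny udp src inside:10.1.1.100 (DSMITH) /137 dst outside:12.29.13.149 (unresolved) /137 by access-group "100"
2003-12-02 15:25:57 Local4.Warning 10.1.1.254 %PIX-4-106023: Deny udp src inside:10.1.1.100 (DSMITH) /137 dst outside:12.29.13.149 (unresolved) /137 by access-group "100"
'''

# interface:address, an optional "(name)" annotation, an optional "/port"
DENY = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>\w+) '
    r'src (?P<sif>\w+):(?P<sip>[\d.]+)(?: \([^)]*\))?\s*(?:/(?P<sport>\d+))? '
    r'dst (?P<dif>\w+):(?P<dip>[\d.]+)(?: \([^)]*\))?\s*(?:/(?P<dport>\d+))?'
)

def parse_denies(text):
    """Yield one dict per 106023 deny line; any other line is skipped."""
    for line in text.splitlines():
        m = DENY.search(line)
        if m:
            yield m.groupdict()

def correlate(text):
    """Map each outside address to the denied traffic seen in both directions."""
    peers = defaultdict(lambda: {"inbound": 0, "nbns_from": set()})
    for d in parse_denies(text):
        if d["sif"] == "outside":
            # Denied packet arriving from the outside peer (ICMP echo in the sample).
            peers[d["sip"]]["inbound"] += 1
        elif d["dif"] == "outside" and d["proto"] == "udp" and d["dport"] == "137":
            # Denied NetBIOS name service packet from an inside host to the peer.
            peers[d["dip"]]["nbns_from"].add(d["sip"])
    return dict(peers)

def two_way_peers(text):
    """Outside addresses that appear in both kinds of deny."""
    return sorted(ip for ip, p in correlate(text).items()
                  if p["inbound"] and p["nbns_from"])

if __name__ == "__main__":
    for ip, p in correlate(SAMPLE_LOG).items():
        print(ip, "inbound denies:", p["inbound"],
              "udp/137 from:", sorted(p["nbns_from"]))
```

Run over a longer syslog capture, the per-peer view shows whether every address the workstation queries on UDP/137 also appears as a source of inbound traffic, or whether some queries go to addresses that never contacted the firewall.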