My PIX log shows that my workstation is sending requests on port 137 (UDP) outbound to unresolved IP addresses. I am running Sophos anti-virus and ran it multiple times; what anti-trojan horse program should I try? What might be causing this? Also, the same IP address my workstation is sending 137 requests to is trying to ping the outside interface of my PIX. How could they know my IP address?
You browsed to a trojan website that is causing your system to try and establish a netbios connection with said IP address.
Someone poisoned (or otherwise corrupted) your DNS or WINS server and it's now resolving a name to an incorrect address and a netbios connection that you normally use is now corrupted.
You have a virus/worm/trojan application running.
Someone ran "nbtstat".
I'm sure there are endless possibilities. You've run an anti-virus, how about an anti-spyware? Does the behavior survive reboot? (I'm assuming a Windows box here, since 137 is NetBIOS name service.) If so, I'd check out everything in the "Run" registry key.
The good point is that your PIX is doing what it's supposed to and blocking outbound (as well as inbound I hope) Windows ports at the network edge.
Sorry, it's just too much of a wide-open field to find the specific cause via this medium.
The remote "attacker" would get your PIX's external IP address because you appear to be using NAT. I can't explain why the remote system is attempting to ping you or the outbound port 137 traffic. Are you seeing any IDS alarms corresponding to this behavior? If you have an IDS monitoring this traffic, I'd start there. This would help diagnose the problem most quickly as you can capture traffic samples for analysis. Lastly, please double check that your anti-virus signatures are up to date.
Is this workstation Win2000? If yes, then often this is the DLLHOST.exe file, which has been corrupted. You can also install the ZoneAlarm utility; it will show the exact thing. ZoneAlarm Personal Edition can be downloaded from zonealarm.com. I had the same problem with one of my customers. I used ZoneAlarm, and it showed the application which was doing this. You can even stop this virus. Hope you will get a result. If still the same, contact me at firstname.lastname@example.org. I have many solutions for this.
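An added example, not posted by anyone in this thread: a small Python script that correlates the two observations in the question, listing each remote address that inside hosts sent UDP/137 to and whether that same address also sent echo requests to the firewall. The log lines are constructed and only modeled on PIX deny messages 106023 and 106014; the interface names, ACL name and addresses are assumptions, so adjust the patterns to what your PIX actually logs.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread), modeled on PIX deny
# messages 106023 (ACL deny) and 106014 (inbound ICMP deny).
# All addresses are private or documentation ranges.
SAMPLE_LOG = """\
%PIX-4-106023: Deny udp src inside:10.1.1.25/137 dst outside:198.51.100.7/137 by access-group "inside_out"
%PIX-4-106023: Deny udp src inside:10.1.1.25/137 dst outside:198.51.100.7/137 by access-group "inside_out"
%PIX-4-106023: Deny udp src inside:10.1.1.25/137 dst outside:203.0.113.40/137 by access-group "inside_out"
%PIX-3-106014: Deny inbound icmp src outside:198.51.100.7 dst outside:192.0.2.10 (type 8, code 0)
%PIX-4-106023: Deny tcp src inside:10.1.1.30/1045 dst outside:203.0.113.99/445 by access-group "inside_out"
"""

# Outbound NetBIOS name service (destination port 137) from the inside interface.
NBNS_OUT = re.compile(
    r"Deny udp src inside:(?P<src>[\d.]+)/\d+ dst outside:(?P<dst>[\d.]+)/137\b")
# Inbound ICMP arriving on the outside interface.
ICMP_IN = re.compile(
    r"Deny inbound icmp src outside:(?P<src>[\d.]+) dst \S+ \(type (?P<type>\d+),")

def correlate(log_text):
    """Return {remote_ip: {"hosts": {inside_ip: count}, "echo_requests": n}}
    for every remote address that an inside host sent UDP/137 to."""
    hosts = defaultdict(lambda: defaultdict(int))
    pings = defaultdict(int)
    for line in log_text.splitlines():
        m = NBNS_OUT.search(line)
        if m:
            hosts[m["dst"]][m["src"]] += 1
            continue
        m = ICMP_IN.search(line)
        if m and m["type"] == "8":  # ICMP type 8 = echo request
            pings[m["src"]] += 1
    return {remote: {"hosts": dict(inside), "echo_requests": pings.get(remote, 0)}
            for remote, inside in hosts.items()}

if __name__ == "__main__":
    for remote, entry in correlate(SAMPLE_LOG).items():
        note = "also pinging the PIX" if entry["echo_requests"] else "no inbound ping seen"
        print(remote, entry["hosts"], note)
```

The per-host counts show which workstations to examine first, and a remote address that appears in both columns is the one worth capturing traffic for.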