At 01:22 PM 7/15/96 -0700, you wrote:
>I too am curious about port 137.
>My site has no inbound services, only outbound.
>Do some NT websites use port 137 to resolve names? My proxy
>logs indicates that some hits on port 137 are in groups
>of 3, some from websites. My perusal of denied 137 hits:
NT attempts to use nb name services (udp port 137, unicast) to find out the
NetBIOS name of a machine before it attempts reverse DNS in my experience.
Those sites are prob. open for attack via NBT (NetBIOS over TCP/IP),
although you have to know the NetBIOS name of the machine before it will
respond to a NBT SMB query on tcp port 139.
Use of port 137 by NT:
Unicast UDP: what's your name?
Broadcast UDP: here's my name.