I'm seeing lots of access violations for UDP 137 which is
used by NetBIOS name services. I'm blocking 137-139 from
the Internet. What I don't understand is why these are trying to
come in from the Internet destined for machines all over
campus...some that aren't even running NetBIOS services (or so
I'm told).
Going through RFC1001 and 1002 (quickly, I'm afraid) it seems
that these packets would be used to challenge a name. Why
would computers from sites all over the world be challenging
end user computers here?
One of the sites sending the packets was a Web site and I thought
maybe it did that because it was an NT based server or something but
I checked with the person whose PC was the target and they'd never
heard of the Web site (no it wasn't one that they'd publicly deny :-)
Of course, I might be misunderstanding the protocol and perhaps the
Internet is supporting NetBIOS broadcast service which means
it's supporting a whole bunch of machines broadcasting their
names. Tell me this isn't true! AppleTalk on the Internet :-)
Can someone explain this to me?
thanks,
Gary Flynn
Network Manager
James Madison University