[Dshield] new to logging - question
mcneillb at linklogger.com
Fri Apr 30 08:35:10 GMT 2004
You might want to review an old post of mine at
entitled 'Port 137 Scans or Intro to Basic Forensics'.
Likely what you have is a piece of software which is calling Windows to
resolve hostnames. If Windows is unable to resolve a hostname via a reverse
DNS request it attempts a NetBIOS hostname lookup which is a UDP port 137
request. I would suspect that it's your logging software which is causing
this traffic, not a biggie as it's just a function of Windows.
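
One way to check this against a firewall log, as an added example that is not part of the original post: it labels each UDP port 137 entry as a lookup triggered by the host itself (sent to an address that was logged inbound shortly before), an unexplained outbound request, or an inbound probe. The log format, the addresses and the 30-second window are assumptions constructed for the illustration.

```python
from datetime import datetime

# Constructed sample log (hypothetical format):
# date time direction proto src sport dst dport
SAMPLE_LOG = """\
2004-04-30 08:30:01 IN TCP 203.0.113.7 4312 192.0.2.10 445
2004-04-30 08:30:03 OUT UDP 192.0.2.10 137 203.0.113.7 137
2004-04-30 08:31:10 IN TCP 198.51.100.23 1093 192.0.2.10 135
2004-04-30 08:31:12 OUT UDP 192.0.2.10 137 198.51.100.23 137
2004-04-30 08:40:00 OUT UDP 192.0.2.10 137 203.0.113.99 137
2004-04-30 08:41:00 IN UDP 203.0.113.50 1027 192.0.2.10 137
"""

def parse(line):
    """Split one log line into a dict with a real timestamp and int ports."""
    date, time, direction, proto, src, sport, dst, dport = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return {"ts": ts, "dir": direction, "proto": proto,
            "src": src, "sport": int(sport), "dst": dst, "dport": int(dport)}

def classify_137(log_text, window_s=30):
    """Return (remote_ip, verdict) for every UDP/137 entry, in log order.

    self-lookup   : outbound 137 to an IP logged inbound within window_s
                    seconds before, i.e. the host resolving a logged address
    unexplained   : outbound 137 with no recent inbound entry from that IP
    inbound-probe : a remote host sending to our port 137
    """
    last_inbound = {}  # remote IP -> time of its most recent inbound entry
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse(line)
        is_137 = e["proto"] == "UDP" and e["dport"] == 137
        if e["dir"] == "IN":
            if is_137:
                results.append((e["src"], "inbound-probe"))
            last_inbound[e["src"]] = e["ts"]
        elif is_137:
            seen = last_inbound.get(e["dst"])
            recent = (seen is not None and
                      0 <= (e["ts"] - seen).total_seconds() <= window_s)
            results.append((e["dst"], "self-lookup" if recent else "unexplained"))
    return results

if __name__ == "__main__":
    for ip, verdict in classify_137(SAMPLE_LOG):
        print(f"{ip:16} {verdict}")
```
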