[Dshield] new to logging - question

Blake McNeill mcneillb at linklogger.com
Fri Apr 30 08:35:10 GMT 2004


You might want to review an old post of mine at
http://www.dslreports.com/forum/remark,5995337~root=security,1~mode=flat
entitled 'Port 137 Scans or Intro to Basic Forensics'.

Likely what you have is a piece of software which is calling Windows to
resolve hostnames.  If Windows is unable to resolve a hostname via a reverse
DNS request it attempts a NetBIOS hostname lookup which is a UDP port 137
request.  I would suspect that it's your logging software which is causing
this traffic, not a biggie as it's just a function of Windows.

Blake
http://www.LinkLogger.com
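
One way to check the explanation in the message above against a firewall log, as an added example that is not part of the original post or of LinkLogger: if the outbound UDP 137 packets come from hostname resolution, each should go to an address that was logged as an inbound source shortly before. The log line format, the 30-second window, and the names `classify_udp137` and `SAMPLE_LOG` are assumptions, the sample lines are constructed, and the log is assumed to be in time order.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption, not LinkLogger's.
SAMPLE_LOG = """\
2004-04-30 08:30:01 IN  TCP 203.0.113.5:4312 -> 192.0.2.10:445
2004-04-30 08:30:03 OUT UDP 192.0.2.10:137 -> 203.0.113.5:137
2004-04-30 08:31:10 IN  TCP 198.51.100.7:2201 -> 192.0.2.10:135
2004-04-30 08:31:12 OUT UDP 192.0.2.10:137 -> 198.51.100.7:137
2004-04-30 08:40:00 OUT UDP 192.0.2.10:137 -> 203.0.113.99:137
2004-04-30 08:45:00 IN  UDP 198.51.100.7:137 -> 192.0.2.10:137
"""

LINE_RE = re.compile(
    r"^(\S+ \S+)\s+(IN|OUT)\s+(TCP|UDP)\s+"
    r"([\d.]+):(\d+)\s+->\s+([\d.]+):(\d+)$"
)

def parse(log_text):
    """Yield (time, direction, proto, src_ip, src_port, dst_ip, dst_port)."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        ts, direction, proto, sip, sport, dip, dport = m.groups()
        yield (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), direction, proto,
               sip, int(sport), dip, int(dport))

def classify_udp137(log_text, window_s=30):
    """Label each outbound UDP/137 packet by whether its destination was
    logged as an inbound source within the preceding window."""
    last_inbound = {}   # remote IP -> time it was last seen inbound
    results = []
    for ts, direction, proto, sip, sport, dip, dport in parse(log_text):
        if direction == "IN":
            last_inbound[sip] = ts
        elif proto == "UDP" and dport == 137:
            seen = last_inbound.get(dip)
            recent = seen is not None and ts - seen <= timedelta(seconds=window_s)
            results.append((dip, "lookup-after-inbound" if recent else "unexplained"))
    return results

if __name__ == "__main__":
    for dst, verdict in classify_udp137(SAMPLE_LOG):
        print(f"{dst:15} {verdict}")
```

Packets labelled `lookup-after-inbound` fit the name-resolution explanation; an `unexplained` entry is outbound port 137 traffic with no preceding inbound event and is the one worth a closer look.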



