[Dshield] new to logging - question

Blake McNeill mcneillb at linklogger.com
Fri Apr 30 08:35:10 GMT 2004

You might want to review an old post of mine at
entitled 'Port 137 Scans or Intro to Basic Forensics'.

Likely what you have is a piece of software which is calling Windows to
resolve hostnames.  If Windows is unable to resolve a hostname via a reverse
DNS request it attempts a NetBIOS hostname lookup which is a UDP port 137
request.  I would suspect that it's your logging software which is causing
this traffic, not a biggie as it's just a function of Windows.
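
Added example, not part of the original post: one way to check whether outbound UDP 137 traffic in a firewall log matches the hostname-lookup behaviour described above, by testing whether each destination had just appeared as an inbound source. The log format, the addresses, the 10-second window and the labels are all assumptions made for this sketch.

```python
from datetime import datetime, timedelta

# Constructed firewall log lines (the format is an assumption for this example):
# timestamp direction protocol source:port destination:port
SAMPLE_LOG = """\
2004-04-30T08:30:01 IN TCP 203.0.113.7:4312 192.0.2.10:445
2004-04-30T08:30:02 OUT UDP 192.0.2.10:137 203.0.113.7:137
2004-04-30T08:31:15 IN TCP 198.51.100.23:1088 192.0.2.10:135
2004-04-30T08:31:16 OUT UDP 192.0.2.10:137 198.51.100.23:137
2004-04-30T08:40:00 OUT UDP 192.0.2.10:137 203.0.113.99:137
"""

def parse(line):
    """Split one constructed log line into its fields."""
    ts, direction, proto, src, dst = line.split()
    src_ip, _src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": datetime.fromisoformat(ts), "dir": direction, "proto": proto,
            "src": src_ip, "dst": dst_ip, "dport": int(dst_port)}

def classify_137(log_text, window_seconds=10):
    """Label each outbound UDP/137 packet.

    "name-lookup": the destination was logged as an inbound source within
    the window, consistent with the logger resolving that host's name.
    "unexplained": no recent inbound event from that address.
    Assumes the log is in chronological order.
    """
    last_inbound = {}  # remote IP -> time of its most recent inbound packet
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        if ev["dir"] == "IN":
            last_inbound[ev["src"]] = ev["ts"]
        elif ev["proto"] == "UDP" and ev["dport"] == 137:
            seen = last_inbound.get(ev["dst"])
            recent = (seen is not None and
                      ev["ts"] - seen <= timedelta(seconds=window_seconds))
            results.append((ev["dst"], "name-lookup" if recent else "unexplained"))
    return results

if __name__ == "__main__":
    for ip, label in classify_137(SAMPLE_LOG):
        print(ip, label)
```

Entries labelled "unexplained" are the ones worth a closer look, since they do not line up with a logged inbound connection.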

