Many Packets to Port 137

Custom Search

Hack in The Box
Experts Galaxy
UK Cheapest Hosting
DJ Software
Scanpst.exe
A3 Multifunction
Electricity Prices
Texas Electricity
Electricity Rates in Texas
Electric Companies in Texas
Web Design Geelong
SellSimple
MSN
Wallpapers
NewsApp Portal
Recover files from recycle bin

[Welcome to SCforum.info - Security [CENTRAL] Forum]

Welcome to SCforum.info - Security [CENTRAL] Forum, a home of the SCF Community devoted to provide Computer related News, Alerts, Downloads and FREE Help in such a way that even the novice computer user can understand.

Getting started using our community is extremely easy, check the two steps below:

Step 1: Create an account by clicking here and wait for approval from Administrator. It's completely free with no hidden strings attached.

Step 2: If you have a computer problem and need some help, or just want to take part in opened discussions, simply browse Forum. Once you *Register an account, you can quickly post your questions and comments.

(*Registered Members get: free support, also, they can communicate privately with other members via PM, removal of this message, see fewer ads and much more...)

[haz]

Hello,
I was configuring a new firewall in the company when I accidently noticed in the log file that a certain IP is broadcasting packets to udp port 137 and sometimes 138, when I disconnected that PC I noticed other PCs started to broadcast the same packets ! I dont know what causes them, I disconnected another one and ran a full scan using "Super Anti-Spyware" with latest definitions and no results were found.
The port maps to NetBIOS Name Service, but we dont have such service running in our network!  we do have a DNS server though.
Is this a normal behaviour or not ?
Thanks..

[georgecloner]

Hello,
I was configuring a new firewall in the company when I accidently noticed in the log file that a certain IP is broadcasting packets to udp port 137 and sometimes 138, when I disconnected that PC I noticed other PCs started to broadcast the same packets ! I dont know what causes them, I disconnected another one and ran a full scan using "Super Anti-Spyware" with latest definitions and no results were found.
The port maps to NetBIOS Name Service, but we dont have such service running in our network!  we do have a DNS server though.

Is this a normal behaviour or not ?
Thanks..

These ports are basic windows ports:

137    NetBIOS name service. This is how NetBIOS-based services find each other. On a NetBIOS network, these names uniquely identify the machine and services running on the machine (and the IP address doesn't matter). Machines find each other either using broadcasts or looking them up in a centralized NetBIOS naming server (called a WINS server).
138    NetBIOS datagram service. This is primarily used for broadcasting information. It is primarily used by the SMB browser service that fills the information within the "Network Neighborhood" icon.

Hence, UDP ports 137 and 138 are considered normal traffic that every computer is announcing their existence in a network environment because of "WINS/NetBT name resolution."

-when a wintel machine boots up it broadcasts its NetBIOS name on the local subnet to register with the browse master
-A computer with resources broadcasts an announcement every 12 minutes to refresh the browse lists.
-browser traffic is normally done by broadcast, over UDP port 137. (If there is a WINS server on the network, browser traffic will be directed, not broadcast. )

[haz]

So it IS a Normal thing ! phew ! I just thought they were too much to be normal traffic, thats why I wanted to make sure.
Thanks a lot georgecloner.

[georgecloner]

There are trojan/worms where actually uses these ports, but as long as you're updated shielding your PCs there will be no worries!

You should be more concern and alarm if port 139 has been seen for simultaneous access! Someone may successfully connect to your PC and access resources available.

[manual2100]

if you are in a company network this is normal

[krrjhn]

Its a normal problem in a company !!