One of our readers has reported that he has seen broadcast traffic to udp/137. He suspected that the traffic caused a denial of service to some of his systems. If you have seen such traffic and you would like to share some packets, we would appreciate that.
|
Basil 60 Posts ISC Handler Apr 1st 2014 |
Apr 1st 2014 8 years ago |
This might be pointing out the obvious to this crowd, but normally UDP port 137 is NetBIOS name service. It is on by default on all Windows systems; not 100% sure about Windows Server 2012. So everybody has this type of traffic unless you manually disable NetBIOS on the network interfaces. Yes, I know that malware can communicate over this protocol and port.
|
Anonymous |
Apr 3rd 2014 8 years ago |
Indeed, this may simply be a NetBIOS scan. Using auxiliary/scanner/netbios/nbname_probe in Metasploit produces lots of traffic on udp/137. I assume nbname queries could be broadcast for hostname discovery.
|
red0green 4 Posts |
Dec 4th 2015 6 years ago |
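For anyone triaging a capture of this udp/137 traffic, the following is an added example, not code from the diary or its commenters: it parses NetBIOS name service question packets as laid out in RFC 1002 and tallies, per source, ordinary name queries against node status (NBSTAT) queries. The function names, the sample addresses and the packets built by `build_query` are constructed for illustration.

```python
import struct
from collections import Counter

NB, NBSTAT = 0x0020, 0x0021  # RFC 1002 question types: name query, node status

def decode_name(enc):
    """Undo first-level encoding: each pair of letters 'A'..'P' carries one byte."""
    raw = bytes(((enc[i] - 65) << 4) | (enc[i + 1] - 65) for i in range(0, 32, 2))
    return raw[:15].rstrip(b" \x00").decode("ascii", "replace"), raw[15]

def parse_nbns(payload):
    """Describe the first question in a udp/137 payload; None if it is not NBNS."""
    if len(payload) < 50:  # 12-byte header + 34-byte name + type + class
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    enc = payload[13:45]
    if qdcount < 1 or payload[12] != 0x20 or payload[45] != 0:
        return None
    if any(not 65 <= b <= 80 for b in enc):
        return None
    name, suffix = decode_name(enc)
    qtype, _qclass = struct.unpack("!HH", payload[46:50])
    return {"response": bool(flags & 0x8000), "broadcast": bool(flags & 0x0010),
            "name": name, "suffix": suffix, "qtype": qtype}

def classify(q):
    """Label one parsed packet for triage."""
    if q is None:
        return "not-nbns"
    if q["response"]:
        return "response"
    return {NB: "name-query", NBSTAT: "node-status-probe"}.get(q["qtype"], "other")

def summarize(packets):
    """packets: iterable of (src_ip, udp_payload). Returns {src_ip: Counter of labels}."""
    out = {}
    for src, payload in packets:
        out.setdefault(src, Counter())[classify(parse_nbns(payload))] += 1
    return out

def build_query(name, suffix, qtype, flags):
    """Build a sample question packet (used only to construct test input)."""
    raw = name.encode().ljust(15, b"\x00" if name == "*" else b" ") + bytes([suffix])
    enc = bytes(65 + n for b in raw for n in (b >> 4, b & 15))
    return struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0) + b"\x20" + enc + b"\x00" + struct.pack("!HH", qtype, 1)

# Constructed sample: one host resolving a server name, one sending node status queries.
SAMPLE = [("192.0.2.10", build_query("FILESRV01", 0x20, NB, 0x0110))] * 2 + \
         [("192.0.2.66", build_query("*", 0x00, NBSTAT, 0x0000))] * 3
```

A source that sends mostly node status queries for the wildcard name `*` to many addresses looks different from workstations broadcasting name queries for a handful of server names, which is the normal background traffic described in the first comment.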