Firewall Seeing Port 137, 138 UDP Traffic

Discussion in 'Linux Networking' started by Google Mike, Aug 1, 2004.

  1. Google Mike

    Google Mike Guest

    My local Linux PC firewall -- a new one called firestarter -- is
    seeing port 137 and 138 traffic from another Windows computer on my
    home LAN behind my home's firewall. I think that's normal Microsoft
    broadcasts, right, checking out my Linux computer to update its
    netbios routing? I shouldn't be worried and I can allow this kind of
    traffic from my other Windows computer, right?
    Google Mike, Aug 1, 2004

  2. Bit Twister

    Bit Twister Guest

    Hmmm, yes unless the box is infected and sending out 137/138 probes to
    find other boxes to infect.
    Bit Twister, Aug 1, 2004

  3. But you should certainly drop (or not allow) any port 137-139 traffic to
    or from the internet and drop any LAN broadcast traffic to internet.
    David Efflandt, Aug 2, 2004
  4. Google Mike

    Google Mike Guest

    Too hard to tell, I guess, isn't it? I used to service pack the junk
    out of my home Windows systems. This was a big pain in the rear over
    dial-up. (I live where only dial-up is possible.) However, ever since
    I got the firewall, I just stick with the original W2K install and my
    wife, who uses this PC, uses Mozilla Firefox and Mozilla Thunderbird,
    and knows my file attachment policy, so I don't worry too much about
    attacks. But even still, when I have this thing being chatty on 137
    and 138 with my Linux box, which is normal Windows stuff, I cannot
    scientifically rule out that it is not trying to do a probe infection.
    If you have a test I could run that turns off normal 137/138 Windows
    activity for a few moments, I could then see if it's still happening
    and that would clue me into a virus.
    Google Mike, Aug 4, 2004
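
An added example, not part of the original thread, for the question in post 4: a heuristic that separates ordinary UDP 137/138 broadcasts from unicast traffic fanning out to many hosts or leaving the LAN, run over netfilter-style log lines. The function name, the 192.168.1.0/24 LAN, the threshold of 5 targets and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Only these fields of a netfilter LOG line matter for the check.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def netbios_verdicts(lines, lan="192.168.1.0/24", sweep_threshold=5):
    """Map each source IP of UDP 137/138 packets to a verdict string."""
    net = ipaddress.ip_network(lan)
    broadcasts = {net.broadcast_address, ipaddress.ip_address("255.255.255.255")}
    unicast = defaultdict(set)  # source -> distinct on-LAN unicast targets
    off_lan = defaultdict(set)  # source -> destinations outside the LAN
    sources = set()
    for line in lines:
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "UDP" or f.get("DPT") not in ("137", "138"):
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed log line
        sources.add(src)
        if dst in broadcasts:
            continue  # ordinary name-service / datagram broadcast
        (unicast if dst in net else off_lan)[src].add(dst)
    verdicts = {}
    for src in sources:
        if off_lan[src]:
            verdicts[str(src)] = "off-lan"     # NetBIOS should stay on the LAN
        elif len(unicast[src]) >= sweep_threshold:
            verdicts[str(src)] = "sweep-like"  # many distinct unicast targets
        else:
            verdicts[str(src)] = "expected"    # broadcasts, few or no unicasts
    return verdicts

def _pkt(src, dst, dpt):
    # Constructed log line in the style of the netfilter LOG target.
    return f"IN=eth0 OUT= SRC={src} DST={dst} PROTO=UDP SPT={dpt} DPT={dpt} LEN=58"

SAMPLE_LOG = (  # constructed sample input, not captured traffic
    [_pkt("192.168.1.20", "192.168.1.255", 137), _pkt("192.168.1.20", "192.168.1.255", 138)]
    + [_pkt("192.168.1.30", f"192.168.1.{n}", 137) for n in range(1, 7)]
    + [_pkt("192.168.1.40", "203.0.113.9", 137)]
)

if __name__ == "__main__":
    for host, verdict in sorted(netbios_verdicts(SAMPLE_LOG).items()):
        print(host, verdict)
```

A "sweep-like" verdict is a prompt to look closer, not proof of infection: a host doing node-status lookups against several machines produces the same pattern.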
  5. Google Mike

    Google Mike Guest

    Yep. My firewall blocks stuff going out and coming in on these ports,
    but I don't think I have a setting to stop traffic on my side of the
    firewall for this activity. Besides, there are times at home when I
    need port 137 and 138 traffic so that I can do file exchanges between
    Windows and Linux.
    Google Mike, Aug 4, 2004
  6. Bit Twister

    Bit Twister Guest

    That would be a Windows question for a Windows newsgroup. :cool:

    Bit Twister, Aug 4, 2004