Firewall Seeing Port 137, 138 UDP Traffic

Discussion in 'Linux Networking' started by Google Mike, Aug 1, 2004.

  1. Google Mike

    Google Mike Guest

    My local Linux PC firewall -- a new one called firestarter -- is
    seeing port 137 and 138 traffic from another Windows computer on my
    home LAN behind my home's firewall. I think that's normal Microsoft
    broadcasts, right, checking out my Linux computer to update its
    netbios routing? I shouldn't be worried and I can allow this kind of
    traffic from my other Windows computer, right?
     
    Google Mike, Aug 1, 2004
    #1
    1. Advertisements

  2. Google Mike

    Bit Twister Guest

    Hmmm, yes unless the box is infected and sending out 137/138 probes to
    find other boxes to infect.
     
    Bit Twister, Aug 1, 2004
    #2
    1. Advertisements

  3. But you should certainly drop (or not allow) any port 137-139 traffic to
    or from the internet and drop any LAN broadcast traffic to internet.
     
    David Efflandt, Aug 2, 2004
    #3
  4. Google Mike

    Google Mike Guest

    Too hard to tell, I guess, isn't it? I used to service pack the junk
    out of my home Windows systems. This was a big pain in the rear over
    dial-up. (I live where only dial-up is possible.) However, ever since
    I got the firewall, I just stick with the original W2K install and my
    wife, who uses this PC, uses Mozilla Firefox and Mozilla Thunderbird,
    and knows my file attachment policy, so I don't worry too much about
    attacks. But even still, when I have this thing being chatty on 137
    and 138 with my Linux box, which is normal Windows stuff, I cannot
    scientifically rule out that it is not trying to do a probe infection.
    If you have a test I could run that turns off normal 137/138 Windows
    activity for a few moments, I could then see if it's still happening
    and that would clue me into a virus.
     
    Google Mike, Aug 4, 2004
    #4
  5. Google Mike

    Google Mike Guest

    Yep. My firewall blocks stuff going out and coming in on these ports,
    but I don't think I have a setting to stop traffic on my side of the
    firewall for this activity. Besides, there are times at home when I
    need port 137 and 138 traffic so that I can do file exchanges between
    Windows and Linux.
     
    Google Mike, Aug 4, 2004
    #5
  6. Google Mike

    Bit Twister Guest

    That would be a windows questions for a windows newsgroup. :cool:

    Here, http://www.blackviper.com/WIN2K/servicecfg.htm
     
    Bit Twister, Aug 4, 2004
    #6
  7. Google Mike

    Google Mike Guest

    Google Mike, Aug 4, 2004
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.