NETBIOS Name Service Broadcasts
Posted on 2004-03-31
I am getting the following security alerts on one of my linux boxes. The ip address and MAC are from one of my Windows 2000 servers. Although I can drop these broadcasts using iptables on linux, I would like to know what my Windows box is doing. Can anyone explain? This appears to be happening every 8 hours. This is a segment of the log, it appears 20 or times per incident.
There are no error in the event logs on the Windows box.
Mar 31 07:59:59 wahoo kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:81:28:e8:10:08:00 SRC=18.104.22.168 DST=22.214.171.124 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=50625 PROTO=UDP SPT=137 DPT=137 LEN=76