Solved

Firewall Attack Help !!

Posted on 2004-10-12
5
179 Views
Last Modified: 2013-11-16
Help, my Firewall is detecting that IP Address 193.108.87.93:6184 has a target Destination of : 192.168.1.255:137 UDP.

There are no custom filters setup on my Firewall to point traffic to that address and I dont have PC with an address of 192.168.1.255.  When I ping 192.168.1.255 on my LAN I do get results returned.  But I definatley dont have a printer, device or anything else.

Whats going on !!!
0
Comment
Question by:Northumberland
  • 3
  • 2
5 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 12285230

192.168.1.255 is the Broadcast address for a 24 bit subnet (192.168.1.0 255.255.255.0).

Port 137 is the NetBIOS Port, broadcasts are all sent to that 192.168.1.255 address - this port should be blocked on your firewall, there's no need for external devices to Broadcast in your subnet.

The Broadcast Address is seen by everything on your Subnet.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 12285242

*edit* Should read: Broadcasts from the Subnet 192.168.1.0/24 are all sent to the 192.168.1.255 address.

For an external device trying to access that port it could be any of someone Port Scanning or perhaps a Virus (on the remote computer).
0
 

Author Comment

by:Northumberland
ID: 12285262
So Chris should I clode port 137 anyway ?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 12285370

In my opinion no one will need to get to Port 137 Externally, equally Port 137 will not need to go outside of your network. So it should be closed. on the Firewall.
0
 

Author Comment

by:Northumberland
ID: 12302936
Thanks Chris
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now