Solved

Firewall Attack Help !!

Posted on 2004-10-12
5
183 Views
Last Modified: 2013-11-16
Help, my Firewall is detecting that IP Address 193.108.87.93:6184 has a target Destination of : 192.168.1.255:137 UDP.

There are no custom filters setup on my Firewall to point traffic to that address and I dont have PC with an address of 192.168.1.255.  When I ping 192.168.1.255 on my LAN I do get results returned.  But I definatley dont have a printer, device or anything else.

Whats going on !!!
0
Comment
Question by:Northumberland
  • 3
  • 2
5 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 12285230

192.168.1.255 is the Broadcast address for a 24 bit subnet (192.168.1.0 255.255.255.0).

Port 137 is the NetBIOS Port, broadcasts are all sent to that 192.168.1.255 address - this port should be blocked on your firewall, there's no need for external devices to Broadcast in your subnet.

The Broadcast Address is seen by everything on your Subnet.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 12285242

*edit* Should read: Broadcasts from the Subnet 192.168.1.0/24 are all sent to the 192.168.1.255 address.

For an external device trying to access that port it could be any of someone Port Scanning or perhaps a Virus (on the remote computer).
0
 

Author Comment

by:Northumberland
ID: 12285262
So Chris should I clode port 137 anyway ?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 12285370

In my opinion no one will need to get to Port 137 Externally, equally Port 137 will not need to go outside of your network. So it should be closed. on the Firewall.
0
 

Author Comment

by:Northumberland
ID: 12302936
Thanks Chris
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Routing between two networks? 10 51
Martian Packets Unix 5 50
how should I extend my cat5 cable by 20 feet? 11 71
Juniper SRX3600 - block all traffic to two IP's 5 16
Let’s list some of the technologies that enable smooth teleworking. 
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question