• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3357
  • Last Modified:

Excessive Outbound Traffic on UDP Port 137

I've been noticing in my firewall logs an excessive amount of outbound traffic on udp port 137 from a single workstation. This port is blocked in my firewall, so it's not getting through, but I wanted to know if anyone could help me find the source of this traffic.

I have run CA AntiVirus and Anti Spyware as well as Spybot. The AV scan was clean and the spyware/adware scan only came up with a handful of cookies that have been removed. Netstat and Nbtstat both seem clean as well.

Thanks for the help.
1 Solution
udp port 137 is used for NetBIOS. You could try changing the NetBIOS setting on that workstation and see what you get.
NetBIOS name service (UDP)

firewalls: Firewall administrators will frequently see large numbers of incoming packets to port 137. This is due to the behavior of Windows servers that use NetBIOS (as well as DNS) to resolve IP addresses to names using the "gethostbyaddr()" function. As users behind the firewalls surf Windows-based web sites, those servers will frequently respond with NetBIOS lookups.
Please post a HJT log from the suspect workstation just in case:

Download HijackThis from http://www.hijackthis.de/
(use the "direct download" link in the upper-right corner)
Unzip to any folder on your hard drive (other than the desktop)
Run the program by double-clicking on the HijackThis.exe file.
Click on "Do a System Scan.."
Copy-and-paste the resulting log here.
Optionally, you can post back to that same web page, and click "Analyze"
Luis_RomeroAuthor Commented:
Thanks. Your response actually reminded me that I've had this problem before but added a new NIC that used the default NetBios settings. Once I turned off NetBios over TCP/IP the problem was resolved.

Thanks for your help!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now