SpokaneISD
asked on
DC attempting UDP 137 connection to IP owned by RIPE.NET
One of our domain controllers is attempting to communicate on UDP 137 with an IP address registered to RIPE.NET in Amsterdam (5.5.13.36). This attempt is blocked by our firewall rules:
Local4.Warning 192.168.1.6 Dec 07 2011 12:22:05: %ASA-4-106023: Deny udp src inside:192.168.95.50/137 dst Outside:5.5.13.36/137 by access-group "acl_BLOCKED" [0x9abf6a8d, 0xb46d3807]
Any idea why our DC would be attempting to make this type of connection?
According to the RIPE.NET website, this is what they do:
The RIPE NCC is one of five Regional Internet Registries (RIRs) providing Internet resource allocations, registration services and coordination activities that support the operation of the Internet globally
Local4.Warning 192.168.1.6 Dec 07 2011 12:22:05: %ASA-4-106023: Deny udp src inside:192.168.95.50/137 dst Outside:5.5.13.36/137 by access-group "acl_BLOCKED" [0x9abf6a8d, 0xb46d3807]
Any idea why our DC would be attempting to make this type of connection?
According to the RIPE.NET website, this is what they do:
The RIPE NCC is one of five Regional Internet Registries (RIRs) providing Internet resource allocations, registration services and coordination activities that support the operation of the Internet globally
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I fired up a sniffer & watched outbound Netbios traffic & see a few other Netbois requests from our Domain Controller to other Internet servers.
I guess it will remain a mystery.