One of our domain controllers is attempting to communicate on UDP 137 with an IP address registered to RIPE.NET in Amsterdam (126.96.36.199). This attempt is blocked by our firewall rules:
Local4.Warning 192.168.1.6 Dec 07 2011 12:22:05: %ASA-4-106023: Deny udp src inside:192.168.95.50/137 dst Outside:188.8.131.52/137 by access-group "acl_BLOCKED" [0x9abf6a8d, 0xb46d3807]
Any idea why our DC would be attempting to make this type of connection?
According to the RIPE.NET website, this is what they do:
The RIPE NCC is one of five Regional Internet Registries (RIRs) providing Internet resource allocations, registration services and coordination activities that support the operation of the Internet globally