<div>
So the blog says &nbsp;&quot;these lookups are harmless and may be performed automatically if DNS or reverse DNS fails&quot; but then goes on to say that &nbsp;&quot;if at all possible (Netbios) should not be used accross the public Internet.&quot;<br />
<br />
I fired up a sniffer &amp;&nbsp;watched outbound Netbios traffic &amp;&nbsp;see a few other Netbois requests from our Domain Controller to other Internet servers.<br />
<br />
I guess it will remain a mystery.
</div>


So the blog says  "these lookups are harmless and may be performed automatically if DNS or reverse DNS fails" but then goes on to say that  "if at all possible (Netbios) should not be used accross the public Internet."

I fired up a sniffer & watched outbound Netbios traffic & see a few other Netbois requests from our Domain Controller to other Internet servers.

I guess it will remain a mystery.

<div>
<div class="content wysiwyg-content">
One of our domain controllers is attempting to communicate on UDP 137 with an IP address registered to RIPE.NET in Amsterdam (5.5.13.36). &nbsp;This attempt is blocked by our firewall rules:<br />
<br />
Local4.Warning &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;192.168.1.6 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Dec 07 2011 12:22:05: %ASA-4-106023: Deny udp src inside:192.168.95.50/137 dst Outside:5.5.13.36/137 by access-group &quot;acl_BLOCKED&quot; [0x9abf6a8d, 0xb46d3807]<br />
<br />
Any idea why our DC would be attempting to make this type of connection? <br />
<br />
According to the RIPE.NET website, this is what they do:<br />
The RIPE NCC is one of five Regional Internet Registries (RIRs) providing Internet resource allocations, registration services and coordination activities that support the operation of the Internet globally<br />

</div>
</div>


One of our domain controllers is attempting to communicate on UDP 137 with an IP address registered to RIPE.NET in Amsterdam (5.5.13.36).  This attempt is blocked by our firewall rules:

Local4.Warning	192.168.1.6	Dec 07 2011 12:22:05: %ASA-4-106023: Deny udp src inside:192.168.95.50/137 dst Outside:5.5.13.36/137 by access-group "acl_BLOCKED" [0x9abf6a8d, 0xb46d3807]

Any idea why our DC would be attempting to make this type of connection? 

According to the RIPE.NET website, this is what they do:
The RIPE NCC is one of five Regional Internet Registries (RIRs) providing Internet resource allocations, registration services and coordination activities that support the operation of the Internet globally


DC attempting UDP 137 connection to IP owned by RIPE.NET

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

The Microsoft Server topic includes all of the legacy versions of the operating system, including the Windows NT 3.1, NT 3.5, NT 4.0 and Windows 2000 and Windows Home Server versions.

Microsoft Server OS

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

Microsoft Forefront, formerly known as Internet Security and Acceleration Server (ISA Server), is a network router, firewall, antivirus program, VPN server and web cache that runs on Windows servers. It includes identity management and protection systems, and discontinued systems for threat management and network protection, along with protection for Sharepoint and Exchange. The scope of discussions includes forward and reverse proxy, application and service publishing, virtual private networks (VPNs), outbound access rules, SSL certificates and network routing within either a single node or an highly-available array pairing.