I noticed in my firewall that there was a ton of NetBIOS traffic (UDP 137) after adding some hosts to the SNMP allowed packets list in Windows Server 2008.

I could not find any documentation about why this is occurring, as the SNMP documentation only shows UDP 161.

  • Has anyone else experienced this?

The monitoring server is outside my domain and is behind a different zone in the firewall.

Thanks

CarlosAV
screwuphead
  • Is the NetBIOS traffic between the server and the monitoring server? What exactly does the NetBIOS traffic look like? – TheCleaner Dec 16 '14 at 19:12
  • Yes, the traffic is between the web server and the monitoring server. The web server is trying to make a connection to NetBIOS on the monitoring server, but NetBIOS is not listening on the monitoring server as it is a Red Hat server and not running any type of Samba share. – screwuphead Dec 16 '14 at 19:21
  • Well, you can disable NetBIOS if you'd like. Or use straight IP addresses for SNMP instead. – TheCleaner Dec 16 '14 at 19:23
  • I am already using the IP addresses to the monitoring servers in the SNMP allow list, which is why it is a little weird why SNMP is trying to use NetBIOS. – screwuphead Dec 16 '14 at 19:32
  • Run a packet sniffer on the web server to see exactly what this NetBIOS traffic is. – joeqwerty Dec 16 '14 at 20:43

0 Answers