1
If a computer is communicating with another through UDP port 137, can we assume that it is a host port scan? If YES, how can we identify that and stop it from happening?
user136771
Posted 2012-05-31T00:59:32.627
Reputation: 23
Does communication through UDP Port 137 always mean there is a port scan done on the host?
Answers
1
No, you cannot assume all UDP/137 traffic is a port-scan; that could be legitimate NetBios over TCP/IP traffic.
I have a corporate laptop from my employer, and I am unconnected to the corporate network behind my home firewall. Just over the last hour alone, I have seen over 1000 NBT packets... why? Because windows is broadcasting NBT name queries for a windows domain controller, printers, SMS resources, etc...
Mike Pennington
Posted 2012-05-31T00:59:32.627
Reputation: 2 273