Increase in UDP port 137 traffic ??

My CheckPoint firewall is detecting an inordinate amount of NetBIOS traffic via UDP port137 from a server, internal to my LAN attempting to communicate with external IP addresses. Traffic patterns are consecutive nbname service transmits for an entire IP range, once the final octet is incremented to 255, a new initial starting IP is queried.

I'm running TDImon from www.sysinternals.com to trace the transmits and all I can tell is that it intermittently switches from one process memory space to the next. Unfortunately I cannot pinpoint the file/registry entry tied to this activity.

Virus Software is up to date and doesn't detect any threats.

Thoughts anyone

Thanks in advance.

 

Any more info my friend? OS? Installed programs? Any resources on the network [some printer software does some really stupid things]?
Any misc. info you provide will be extra helpful to the experts...
err.. I'm no expert. Sorry.

 

The respective system is running Windows 2003 server, does not have SP1 applied. Hardware is a Compaq Proliant DL380 G2. The sole purpose of this server is for CheckPoint Firewall (www.checkpoint.com) logging. Software installed is as follows: CheckPointFirewall, Veritas Netbackup 5.1, McAfee VirusScanEnterprise 8.0i, default tools installed by Compaq.

 

Sounds like this may be comming from a machine that is connected behind the server 2003 box rather than the server 2003 box. Perhaps a machineon your network is infected or has some other kind of problem.

 

It may be a router broadcast...
but once again... 'm really not good with hardware.

 

Hi wieckj

Have you run a packet sniffer yet to determine the nature of the traffic?
Do you have a little more detail on the set up. ICS? Which system is the firewall on?

Regards,

CrazyM