Seeing outbound UDP 137: Should I be worried

[Stanley Pain]

Recently I've started to see some outbound traffic on my firewall to UDP 137 to IPs the end up belonging to level3, or telekenex. With this increase I've seen my firewall dropping ICMP Type 3 traffic to the same IPs, as well as a bunch in China.

This has me a bit worried, as TCPVIEW doesn't show any of those connections and I'm wondering if someone manage to find an exploit for my router (dir655).

 

[Jay_2]

that is netbios I think

 

[Stanley Pain]

Yes, I know that's netbios, which is why I'm kinda worried as to why it's outbound to external IPs. A few of the systems on my network are various Windows 7 builds. I'm wondering if there's an exploit or two floating around.

Still can't find process is actually initiating these requests, gonna have to run a packet sniffer for a while and see what I can find.

 

[Jay_2]

why not block outbound 137 and see what hits the logs

 

[Stanley Pain]

Outbound 137 is blocked, logs just state that computer ip 10.10.10.2 (or whatever other computer on my network) was blocked from sending UDP:137 to whatever external IP address. Connection states show a session for the attempted outbound connection.