Has anyone seen your Orion servers attempt to do any Netbios Name lookups to external (internet) addresses? Over the last few days, I am seeing my Orion server attempt to make connections on TCP port 137 to hosts that are not on my network.
I have repeatedly scanned for Malware and such, but as of yet, cant find anything.
Why would the Orion Performance server attempt to do a Netbios name lookup on a host that isnt in its database? AFAIK, the Orion Configuration server (hosted on a seperate box) does not attempt this.
Just finding it very odd to see this. I am trying to determine what is causing it. The requests are getting blocked by our Internet Firewall, so I doubt there is any concern at that end, but it does concern me that I am getting my logs filled with these types of requests.
Any thoughts?
Just cuz - here is a log entry on my firewall:
nov 02 2010 08:25:50: %%asa-4-106023: deny udp src inside:orion1_int/137 dst outside:218.37.44.204/137 by access-group "acl_in"
