Community,
Our firewall is blocking an onslaught of communications requests coming from our solarwinds server to a bunch of random IP addresses that don't even belong to our network. Solarwinds is trying to communicate with these IP's using service nbname (UDP/137) as well as TCP port 135. I have no idea what service or application running on solarwinds is making these requests. I have already checked the Sonar settings and the subnets in there are ok. Any ideas what application or program might be running in the background on Solarwinds that would cause this? I pasted a log from our FW below. As you can see since none of the subnets are relevant to us, there are no rules in the firewall allowing the traffic to go to them so it drops the requests.
Any ideas? Thanks.
Time: Today 13:58:28
Description: Dropped on rule 160
Interface Name: eth1
Interface Direction: inbound
To: 192.110.100.1
From: waswo01p (This is our solarwinds server)
Service: nbname
Action: Drop
Destination: 192.110.100.1
Inzone: Internal
Origin: everett-fw1-a (this is the Firewall that caught it)
Out-Zone: External
Policy Date: 07/Mar/2016 10:00:18
Policy Management: fullerton-fw-mgmt-01
Policy Name: Standard
Blade: Firewall
Product Family: Network
Protocol: UDP
Rule: 160
Rule Name:
Rule UID: {EEDAAD71-BA55-4BF9-BB1A-ACF5D1C08632}
Source Port: 137
Destination Port: 137
Service Name: nbname
Session ID: ec554a57
Source: INT-x.x.x.x-Solarwinds (I masked the internal IP for security reasons)
Source Machine Name: waswo01p
Source User Name: SVC SCCM (svc-sccm) (This is the service account solarwinds is using to run the program im assuming)
Type: Log
User: SVC SCCM (svc-sccm)
