4 Replies Latest reply on Mar 10, 2016 11:00 AM by silverbacksays

    Solarwinds Scanning Help

    ccraddock@opus

      Community,

      Our firewall is blocking an onslaught of communication requests coming from our SolarWinds server to a bunch of random IP addresses that don't even belong to our network. SolarWinds is trying to communicate with these IPs using service nbname (UDP/137) as well as TCP port 135. I have no idea what service or application running on SolarWinds is making these requests. I have already checked the Sonar settings and the subnets in there are OK. Any ideas what application or program might be running in the background on SolarWinds that would cause this? I pasted a log from our FW below. As you can see, since none of the subnets are relevant to us, there are no rules in the firewall allowing the traffic to go to them, so it drops the requests.

      Any ideas? Thanks.

      Time:                Today            13:58:28
      Description:         Dropped on rule 160
      Interface Name:      eth1
      Interface Direction: inbound
      To:                  192.110.100.1
      From:                waswo01p (This is our SolarWinds server)
      Service:             nbname
      Action:              Drop
      Destination:         192.110.100.1
      Inzone:              Internal
      Origin:              everett-fw1-a (this is the firewall that caught it)
      Out-Zone:            External
      Policy Date:         07/Mar/2016 10:00:18
      Policy Management:   fullerton-fw-mgmt-01
      Policy Name:         Standard
      Blade:               Firewall
      Product Family:      Network
      Protocol:            UDP
      Rule:                160
      Rule Name:
      Rule UID:            {EEDAAD71-BA55-4BF9-BB1A-ACF5D1C08632}
      Source Port:         137
      Destination Port:    137
      Service Name:        nbname
      Session ID:          ec554a57
      Source:              INT-x.x.x.x-Solarwinds (I masked the internal IP for security reasons)
      Source Machine Name: waswo01p
      Source User Name:    SVC SCCM (svc-sccm) (This is the service account SolarWinds is using to run the program, I'm assuming)
      Type:                Log
      User:                SVC SCCM (svc-sccm)