2 Replies Latest reply on Nov 2, 2010 9:35 AM by dclick

    Interesting Netbios Traffic

    dclick

      Has anyone seen your Orion servers attempt to do any Netbios Name lookups to external (internet) addresses?   Over the last few days, I am seeing my Orion server attempt to make connections on TCP port 137 to hosts that are not on my network.

      I  have repeatedly scanned for Malware and such, but as of yet, cant find anything.  

      Why would the Orion Performance server attempt to do a Netbios name lookup on a host that isnt in its database?  AFAIK, the Orion Configuration server (hosted on a seperate box) does not attempt this.

      Just finding it very odd to see this.  I am trying to determine what is causing it. The requests are getting blocked by our Internet Firewall, so I doubt there is any concern at that end, but it does concern me that I am getting my logs filled with these types of requests.

      Any thoughts?

      Just cuz - here is a log entry on my firewall:

      nov ::: %%: : : by - "_in"