This is more than likely attributed to NetBIOS
This is due to the behavior of Windows servers that use NetBIOS (as well as DNS) to resolve IP addresses to names using the "gethostbyaddr()" function.
This shouldn't be too big of a concern for you.
You might want to disable the NetBios Over TCP/IP protocol on the interface and use the <font color="#13b4dc">LMHOSTS</font> file for the servers that needs to be resolved using NB names. That might be the case e.g. of the SQL Server.
You should no more have any NetBios Lookup Query trying to go through your firewall if you do so.
Some posts about the same issue:
[Netbios name resolution needed? | http://thwack.solarwinds.com/message/11158#11158]
[okay to disable NetBIOS over TCP/IP? | http://thwack.solarwinds.com/message/35428#35428]
[Re: Is NetFlow 3.1 Application Passive or Active??? | http://thwack.solarwinds.com/message/66253#66253]
[http://www.solarwinds.com/NetPerfMon/SolarWinds/wwhelp/wwhimpl/js/html/wwhelp.htm?context=SolarWinds&file=OrionNetFlowPHDNSResolutionOptions.htm | http://www.solarwinds.com/NetPerfMon/SolarWinds/wwhelp/wwhimpl/js/html/wwhelp.htm?context=SolarWinds&file=OrionNetFlowPHDNSResolutionOptions.htm]
Disable on interface level.
Thanks Malik, a very naive question, Disabling this wont affect my Orion monitoring for any modules right?
We had exactly the same problem, and disabled the Netbios over TCP settings withinth eadaptors on the pollers as detailed by Malik, no negative impact on the systems were seen.
1 of 1 people found this helpful
It will not effect Orion monitoring and will not effect other modules .
Please let me know if you required further details or have any question .
If this worked for you or helped please mark this as answared for others.
We saw the same traffic and did the same proceedure to stop UDP 137 scanning.
The security team was happy. So are the System Admins.
Have a well monitored day!