Call for packets udp/137 broadcast

Published: 2014-04-01
Last Updated: 2014-04-01 19:01:22 UTC
by Basil Alawi S.Taher (Version: 1)

One of our readers has reported seeing broadcast traffic to udp/137. He suspected that the traffic caused a denial of service on some of his systems.

If you have seen such traffic and would like to share some packets, we would appreciate it.


2 comment(s)


This might be pointing out the obvious to this crowd, but normally udp port 137 is NetBIOS name service. It is on by default on all Windows systems, not 100% sure about Windows Server 2012. So everybody has this type of traffic unless you manually disable NetBIOS on the network interfaces. Yes, I know that malware can communicate over this protocol and port.

Indeed, this may simply be a NetBIOS scan. Using auxiliary/scanner/netbios/nbname_probe in Metasploit produces lots of traffic on udp/137. I assume nbname queries could be broadcast for hostname discovery.
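
For anyone triaging their own udp/137 captures, the following added example (not part of the diary or its comments) parses the NetBIOS name service header and first question, so that name queries can be separated from node status requests and tallied by the header's broadcast bit. The function names and the two sample payloads are constructed for illustration, and question names with a non-empty scope are counted as malformed.

```python
import struct
from collections import Counter

OPCODES = {0: "query", 5: "registration", 6: "release", 7: "wack", 8: "refresh"}
QTYPES = {0x0020: "NB", 0x0021: "NBSTAT"}  # name query vs. node status request

def decode_name(label):
    """Undo first-level encoding: 32 bytes 'A'..'P' -> (15-byte name, suffix)."""
    if len(label) != 32 or any(not 0x41 <= b <= 0x50 for b in label):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((label[i] - 0x41) << 4) | (label[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].rstrip(b" \x00").decode("ascii", "replace"), raw[15]

def parse_nbns(payload):
    """Parse the header and first question of a udp/137 payload."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte header")
    txid, flags, qdcount = struct.unpack("!3H", payload[:6])
    info = {"txid": txid,
            "response": bool(flags & 0x8000),               # R bit
            "opcode": OPCODES.get((flags >> 11) & 0xF, "other"),
            "broadcast": bool(flags & 0x0010),              # B bit of NM_FLAGS
            "name": None, "suffix": None, "qtype": None}
    if qdcount:
        # Assumes an empty scope: 0x20 length, 32 encoded bytes, 0x00 terminator
        if len(payload) < 50 or payload[12] != 0x20 or payload[45] != 0:
            raise ValueError("question name is not a plain 32-byte label")
        info["name"], info["suffix"] = decode_name(payload[13:45])
        qtype = struct.unpack("!H", payload[46:48])[0]
        info["qtype"] = QTYPES.get(qtype, hex(qtype))
    return info

def tally(payloads):
    """Count payloads by (opcode, question type, broadcast flag)."""
    counts = Counter()
    for p in payloads:
        try:
            i = parse_nbns(p)
            counts[(i["opcode"], i["qtype"], i["broadcast"])] += 1
        except ValueError:
            counts["malformed"] += 1
    return counts

# Constructed samples: broadcast name query for "WPAD", node status for "*"
SAMPLE_QUERY = (struct.pack("!6H", 0x1234, 0x0110, 1, 0, 0, 0) + b"\x20"
                + b"FHFAEBEE" + b"CA" * 11 + b"AA" + b"\x00\x00\x20\x00\x01")
SAMPLE_NBSTAT = (struct.pack("!6H", 0x5678, 0x0000, 1, 0, 0, 0) + b"\x20"
                 + b"CK" + b"A" * 30 + b"\x00\x00\x21\x00\x01")
```

The broadcast bit is only what the sender set in the header; whether a packet was actually delivered to a broadcast address has to be read from the destination address in the capture.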
