Tuesday, November 14, 2006

UDP/137

Today I finally got around to researching why our Windows DNS server keeps sending mass amounts of packets on UDP/137. From this post I finally figured out why. It appears that when a DNS server can find a local record, Win32 gethostbyaddr() will additionally use NetBIOS for name resolution of the host and therefore send a packet to the host on UDP/137. Given the size of your enterprise, this can be a pretty significant number of requests.
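
To check whether the UDP/137 traffic leaving a DNS server is this kind of NetBIOS lookup, the added example below (not part of the original post) parses a captured UDP/137 payload and flags NetBIOS node status (NBSTAT) requests. That the packet gethostbyaddr() sends is a node status request for the wildcard name is an assumption here, as are the function names and the constructed sample packet.

```python
import struct

NB, NBSTAT = 0x0020, 0x0021            # RFC 1002 question types
WILDCARD = b"*" + b"\x00" * 15         # name used by adapter status queries

def decode_nb_name(encoded: bytes) -> bytes:
    """Undo RFC 1001 first-level encoding: 32 letters 'A'..'P' -> 16 bytes."""
    if len(encoded) != 32 or any(not 0x41 <= c <= 0x50 for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    return bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                 for i in range(0, 32, 2))

def classify(payload: bytes) -> dict:
    """Parse one UDP/137 payload that carries a question (empty scope only).

    Responses have no question section and are rejected with ValueError.
    """
    if len(payload) < 50:
        raise ValueError("too short for a name service question")
    txid, flags, qdcount = struct.unpack("!3H", payload[:6])
    # 0x20 = length of the encoded name, 0x00 = end of name (no scope ID)
    if qdcount != 1 or payload[12] != 0x20 or payload[45] != 0x00:
        raise ValueError("unsupported question layout")
    name = decode_nb_name(payload[13:45])
    (qtype,) = struct.unpack("!H", payload[46:48])
    # Request bit clear (0x8000) and opcode 0 (query)
    is_request = not (flags & 0x8000) and ((flags >> 11) & 0xF) == 0
    return {
        "txid": txid,
        "name": name,
        "qtype": qtype,
        "node_status_request": is_request and qtype == NBSTAT,
        "wildcard": name == WILDCARD,
    }

# Constructed sample: a 50-byte node status request for the wildcard name.
SAMPLE = (struct.pack("!6H", 0x1234, 0x0000, 1, 0, 0, 0)
          + b"\x20" + b"CK" + b"A" * 30 + b"\x00"
          + struct.pack("!2H", NBSTAT, 0x0001))

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Feeding it the UDP payloads from a capture taken on the DNS server and counting `node_status_request` hits per destination shows how much of the UDP/137 volume these lookups account for.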