Tuesday, November 14, 2006
UDP/137
Today I finally got around to researching why our Windows DNS server keeps sending mass amounts of packets on UDP/137. From this post I finally figured out why. It appears when a DNS server can find a local record that Win32 gethostbyaddr() will additionally use NetBIOS for name resolution of the host and therefore send a packet to the host on udp/137 and given the size of your enterprise, this can be a pretty significant number of requests.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment