Should I be worried? Severity="info" NBNS

So I have tons of these packets logged.

The machine is trying to connect through a NIC that is local only (no gateway) to port 137 on external IP addresses. I will contact the software manufacturer, but what is the threat of these packets?

Does the fact that the Astaro (v7.505) states severity="info" mean that this is just making me aware? If this was a threat would the severity value change?

Thanks!
-Nator


  • Without looking at the complete log line, it's hard to say if this should worry you.  In most logs, "info" just means that the programmer's code is working as designed.

    Cheers - Bob
  • 2010:08:16-00:00:29 info ulogd[3924]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth3" outitf="eth1" dstmac="00:22:19:ae:51:5d" srcmac="00:0c:29:2f:8a:ad" srcip="192.168.1.105" dstip="111.222.333.444" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137"


    I hope this helps. I modified the IPs, but this is what I see thousands of.

    Thanks!
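
One way to summarize log lines like the one quoted above, added here as an example and not part of the original thread or of any Astaro/Sophos tooling: it counts dropped UDP/137 (NBNS) packets per source host and per destination class, and treats an unparseable destination such as the redacted `111.222.333.444` as its own class. The sample lines are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# RFC 1918 and link-local ranges, listed explicitly so the result does not
# depend on how ipaddress.is_private treats documentation ranges.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def parse_line(line):
    """Return the key="value" fields of one packetfilter log line as a dict."""
    return dict(FIELD_RE.findall(line))

def classify_dst(dstip):
    """Return 'internal', 'external', or 'unparseable' (e.g. a redacted IP)."""
    try:
        addr = ipaddress.ip_address(dstip)
    except ValueError:
        return "unparseable"
    return "internal" if any(addr in n for n in INTERNAL) else "external"

def summarize_nbns_drops(lines):
    """Count dropped UDP/137 packets per (source IP, destination class)."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        if (f.get("sub") == "packetfilter" and f.get("action") == "drop"
                and f.get("proto") == "17" and f.get("dstport") == "137"):
            counts[(f.get("srcip"), classify_dst(f.get("dstip", "")))] += 1
    return counts

def _sample(src, dst, proto="17", dport="137"):
    # Builds a constructed line in the same field layout as the quoted log.
    return ('2010:08:16-00:00:29 info ulogd[3924]: id="2001" severity="info" '
            'sys="SecureNet" sub="packetfilter" name="Packet dropped" '
            'action="drop" fwrule="60002" initf="eth3" outitf="eth1" '
            f'srcip="{src}" dstip="{dst}" proto="{proto}" dstport="{dport}"')

# Constructed sample input; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for external addresses.
SAMPLE_LINES = [
    _sample("192.168.1.105", "203.0.113.7"),
    _sample("192.168.1.105", "198.51.100.20"),
    _sample("192.168.1.105", "192.168.1.255"),    # local broadcast
    _sample("192.168.1.105", "111.222.333.444"),  # redacted, not a valid IP
    _sample("192.168.1.50", "203.0.113.7", proto="6", dport="443"),  # not NBNS
]

if __name__ == "__main__":
    for (src, kind), n in sorted(summarize_nbns_drops(SAMPLE_LINES).items()):
        print(f"{src} -> {kind}: {n} dropped NBNS packets")
```

A host with many drops in the external class is the one to investigate for a misconfigured name-resolution or routing setup; drops to internal broadcast addresses are ordinary NetBIOS chatter.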