This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Should I be worried? Severity="info" NBNS

So I have tons of these packets logged.

The machine is trying to connect through a NIC that is local only (no gateway) to port 137 on external IP addresses. I will contact the software manufacturer, but what is the threat of these packets?

Does the fact that the Astaro (v7.505) states severity="info" mean that this is just making me aware? If this was a threat would the severity value change?

Thanks!
-Nator

This thread was automatically locked due to age.

Parents

0 BAlfson over 14 years ago

Without looking at the complete log line, it's hard to say if this should worry you. In most logs, "info" just means that the programmer's code is working as designed.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

0 Astaronator over 14 years ago in reply to BAlfson

2010:08:16-00:00:29 info ulogd[3924]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth3" outitf="eth1" dstmac="00:22:19:ae:51:5d" srcmac="00:0c:29:2f:8a:ad" srcip="192.168.1.105" dstip="111.222.333.444" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137"

I hope this helps. I modified the IPs, but this is what I see thousands of.

Thanks!

Reply

0 Astaronator over 14 years ago in reply to BAlfson

2010:08:16-00:00:29 info ulogd[3924]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth3" outitf="eth1" dstmac="00:22:19:ae:51:5d" srcmac="00:0c:29:2f:8a:ad" srcip="192.168.1.105" dstip="111.222.333.444" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137"

I hope this helps. I modified the IPs, but this is what I see thousands of.

Thanks!

Children

No Data