Hello.
For a very long time I've just accepted this netbios logging as A Way of Life, but recently have decided to fix it.
The traffic indicated in the logs below *SHOULD BE* implicity DROPPED and NOT LOGGED. It may be getting dropped, but obviously it is getting logged. I don't want this, it makes me nervous, and this isn't the behavior one would expect from a good firewall.
Even with EXPLICITY dropping this traffic:
Ext_Interface__ { netbios } eth0_Network__ Drop
It still gets logged. My question then is what the heck is going on here and how can I get this stuff to NOT LOG?
Cheers,
-zeek
Jan 19 13:11:11 192.168.1.1 kernel: UDP Drop: IN=eth1 OUT= MAC=00:40:95:30[:D]2:11:00:02:3b:00:02:a4:08:00 SRC=80.145.49.108 DST=xxx.xxx.xxx.xxx LEN=78 TOS=0x00 PREC=0x00 TTL=119 ID=28085 PROTO=UDP SPT=1028 DPT=137 LEN=58
Jan 19 13:16:59 192.168.1.1 kernel: UDP Drop: IN=eth1 OUT= MAC=00:40:95:30[:D]2:11:00:02:3b:00:02:a4:08:00 SRC=62.226.144.44 DST=xxx.xxx.xxx.xxx LEN=78 TOS=0x00 PREC=0x00 TTL=116 ID=53353 PROTO=UDP SPT=1027 DPT=137 LEN=58
Jan 19 13:19:22 192.168.1.1 kernel: UDP Drop: IN=eth1 OUT= MAC=00:40:95:30[:D]2:11:00:02:3b:00:02:a4:08:00 SRC=65.178.224.44 DST=xxx.xxx.xxx.xxx LEN=78 TOS=0x00 PREC=0x00 TTL=116 ID=14866 PROTO=UDP SPT=1027 DPT=137 LEN=58
This thread was automatically locked due to age.
