Hi,
I see a lot of drops on my firewall and would like to ask, if this behavior of Windows 2003 server as DC is normal? We don't have any subnets in 192.168.x.x range.
[SIZE="1"]00:24:03 Default DROP UDP 172.30.3.13:137 192.168.174.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:24:04 Default DROP UDP 172.30.3.13:137 192.168.174.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:24:06 Default DROP UDP 172.30.3.13:137 192.168.174.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:24:07 Default DROP TCP 172.30.3.13:139 192.168.174.1:4303[ACK SYN] len=48 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:24:10 Default DROP TCP 172.30.3.13:139 192.168.174.1:4303[ACK SYN] len=48 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:24:16 Default DROP TCP 172.30.3.13:139 192.168.174.1:4303[ACK SYN] len=48 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:26:07 Default DROP UDP 172.30.3.13:137 192.168.83.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:26:08 Default DROP UDP 172.30.3.13:137 192.168.83.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:26:09 Default DROP TCP 172.30.3.13:139 192.168.149.1:4445 [ACK SYN]len=48 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:26:10 Default DROP UDP 172.30.3.13:137 192.168.83.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:26:11 Default DROP TCP 172.30.3.13:139 192.168.83.1:4316 [ACK SYN] len=48 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:26:12 Default DROP TCP 172.30.3.13:139 192.168.149.1:4445 [ACK SYN]len=48 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:26:14 Default DROP TCP 172.30.3.13:139 192.168.83.1:4316 [ACK SYN] len=48 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:26:18 Default DROP TCP 172.30.3.13:139 192.168.149.1:4445[ACK SYN] len=48 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:26:20 Default DROP TCP 172.30.3.13:139 192.168.83.1:4316[ACK SYN] len=48 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:29:01 Default DROP UDP 172.30.3.13:137 192.168.80.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:29:01 Default DROP UDP 172.30.3.13:137 192.168.70.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:29:01 Default DROP UDP 172.30.3.13:137 192.168.230.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:29:02 Default DROP UDP 172.30.3.13:137 192.168.80.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:29:02 Default DROP UDP 172.30.3.13:137 192.168.70.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:29:03 Default DROP UDP 172.30.3.13:137 192.168.230.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:29:04 Default DROP UDP 172.30.3.13:137 192.168.80.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:29:04 Default DROP UDP 172.30.3.13:137 192.168.70.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:29:05 Default DROP UDP 172.30.3.13:137 192.168.230.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:29:08 Default DROP UDP 172.30.3.13:137 192.168.80.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:29:08 Default DROP UDP 172.30.3.13:137 192.168.230.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88
00:29:09 Default DROP UDP 172.30.3.13:137 192.168.80.1:137 len=293 ttl=122 tos=0x00 srcmac=00:18:71:cb:e7:00 dstmac=00:1a:8c:18:05:88[/SIZE]
Cheers,
rudi
This thread was automatically locked due to age.