UDP/137 (NetBIOS) queries from the Bit9 Server

Version

7.x

Issue

After installing the Bit9 Connector for Network Security Devices add-on, the Bit9 Server starts to make UDP/137 (NetBIOS) queries to foreign IPs.


Symptoms

Unexpected UDP/137 (NetBIOS) traffic appears on the network.


Cause

When the Bit9 Reporter receives a notification from a Palo Alto Networks or FireEye device, it reads the IP address contained in the notification. The Bit9 Reporter then attempts to resolve that IP address to a DNS name so that the name can be stored for later display in the UI. This resolution attempt can result in a NetBIOS query for the IP address.
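
One way to confirm that observed UDP/137 traffic is explained by this behavior, as an added example (not Bit9 code): correlate the server's outbound NetBIOS queries with the IP addresses carried in received notifications. The record layouts, addresses, internal range, and the five-minute window are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta
import ipaddress

# Constructed sample data; addresses and record layouts are assumptions.
SERVER_IP = "10.0.0.5"  # hypothetical Bit9 Server address
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range
NOTIFICATIONS = [  # (time received, IP address carried in the notification)
    ("2015-12-21T10:00:00", "203.0.113.7"),
    ("2015-12-21T10:04:30", "198.51.100.20"),
]
FLOWS = [  # (time, source, destination, protocol, destination port)
    ("2015-12-21T10:00:02", "10.0.0.5", "203.0.113.7", "udp", 137),
    ("2015-12-21T10:04:31", "10.0.0.5", "198.51.100.20", "udp", 137),
    ("2015-12-21T10:20:00", "10.0.0.5", "192.0.2.99", "udp", 137),   # no notification
    ("2015-12-21T11:30:00", "10.0.0.5", "203.0.113.7", "udp", 137),  # long after one
    ("2015-12-21T10:05:00", "10.0.0.5", "10.0.0.9", "udp", 137),     # internal target
    ("2015-12-21T10:05:10", "10.0.0.8", "203.0.113.7", "udp", 137),  # different host
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def triage(flows, notifications, server_ip, window=timedelta(minutes=5)):
    """Split the server's UDP/137 queries to foreign IPs into
    (explained, unexplained) lists of (time, destination)."""
    seen = {}  # notification IP -> times a notification naming it arrived
    for ts, ip in notifications:
        seen.setdefault(ip, []).append(datetime.fromisoformat(ts))
    explained, unexplained = [], []
    for ts, src, dst, proto, dport in flows:
        if src != server_ip or proto != "udp" or dport != 137:
            continue  # not a NetBIOS name query from the server
        if is_internal(dst):
            continue  # only queries to foreign IPs are of interest here
        when = datetime.fromisoformat(ts)
        # Explained if a notification naming this IP arrived shortly before.
        hit = any(timedelta(0) <= when - t <= window for t in seen.get(dst, []))
        (explained if hit else unexplained).append((ts, dst))
    return explained, unexplained

if __name__ == "__main__":
    ok, odd = triage(FLOWS, NOTIFICATIONS, SERVER_IP)
    print("explained by notifications:", ok)
    print("needs investigation:", odd)
```

Queries in the second list have no matching notification and are not accounted for by the name-resolution behavior.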

 

Solution

We are only attempting to resolve the IP to a user-friendly DNS name and are not attempting to access or contact the remote IP. If you wish to turn off this behavior, please contact the Bit9 Support team.

Internal Notes

https://community.bit9.com/docs/DOC-3709

Article Information
Creation Date: 12-21-2015