Exchange 2000 sends NetBIOS datagrams to remote hosts?


  • Exchange 2000 sends NetBIOS datagrams to remote hosts?

    Hi,
    I see in the firewall log that the Exchange 2000 machine tries to open connections, using the NetBIOS (NS) service [port 137], with different remote hosts on the Internet.
    All these remote hosts appear in the Exchange SMTP log as e-mail senders; however, there is a large number of hosts that the Exchange machine doesn't try to open NetBIOS connections with.
    Thoughts?
    Thanks

  • #2
    E2K (or 2003 for that matter) has no business opening NetBIOS ports to other hosts. Period. What you're seeing might be because of another activity on that same server.
    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT



    • #3
      The only relations between our machine and those remote hosts are SMTP incoming connections. I know that IIS has issues with sending NetBIOS lookups:
      http://www.mynetwatchman.com/kb/secu...rts/17/137.htm

      A common cause of these probes is if the source is a Microsoft IIS web server AND Netbios is bound to the public IP address of the server. IIS logging mechanisms attempt to do a reverse name lookup on every IP address that surfs to the site. Normally a reverse DNS lookup is attempted first, but if that fails, IIS will send a Netbios name lookup directly to the user. If the user is running a firewall, it will log a Netbios probe.

      Do IIS and Exchange 2000 have some things in common? I think so. One of them is the SMTP virtual server.



      • #4
        Ok, they do, but that doesn't mean that E2K has anything to do with NetBIOS while sending SMTP messages.

        I could be wrong of course.
        Cheers,

        Daniel Petri
        Microsoft Most Valuable Professional - Active Directory Directory Services
        MCSA/E, MCTS, MCITP, MCT
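
One way to check the fallback explanation quoted in post #3 against your own logs, as an added example that is not part of the thread and is not Microsoft or Exchange code: it groups SMTP senders by whether the server sent UDP 137 to them and whether they have a PTR record. The firewall log line format, all addresses and the PTR table are constructed assumptions.

```python
import re
import socket

# Constructed sample data; the firewall log format is an assumption.
FIREWALL_LOG = """\
2004-03-01 10:00:05 ALLOW UDP 192.0.2.10:137 -> 198.51.100.7:137
2004-03-01 10:00:09 ALLOW UDP 192.0.2.10:137 -> 203.0.113.44:137
2004-03-01 10:01:12 ALLOW TCP 192.0.2.10:1045 -> 198.51.100.200:25
2004-03-01 10:02:30 ALLOW UDP 192.0.2.10:137 -> 203.0.113.99:137
"""
# Constructed list of client IPs taken from the SMTP log.
SMTP_SENDERS = ["198.51.100.7", "198.51.100.20", "203.0.113.44",
                "198.51.100.21", "198.51.100.22"]
# Constructed PTR table standing in for DNS so the example runs offline.
SAMPLE_PTR = {"198.51.100.20": "mail.example.net", "198.51.100.21": "mx.example.org"}

FW_RE = re.compile(r"^\S+ \S+ \S+ UDP (\S+):\d+ -> (\S+):137$")

def nbns_targets(fw_log, server_ip):
    """Destinations the server sent NetBIOS name service (UDP 137) traffic to."""
    targets = set()
    for line in fw_log.splitlines():
        m = FW_RE.match(line.strip())
        if m and m.group(1) == server_ip:
            targets.add(m.group(2))
    return targets

def live_ptr(ip):
    """Real reverse lookup; returns None when no PTR record resolves."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def classify(fw_log, smtp_senders, server_ip, ptr_lookup=live_ptr):
    probed, senders = nbns_targets(fw_log, server_ip), set(smtp_senders)
    report = {"fits_fallback": [], "contradicts": [], "unrelated": []}
    for ip in sorted(probed | senders):
        has_ptr = ptr_lookup(ip) is not None
        if ip not in senders:
            report["unrelated"].append(ip)      # UDP 137 sent, but never an SMTP sender
        elif (ip in probed) != has_ptr:
            report["fits_fallback"].append(ip)  # probe without PTR, or PTR without probe
        else:
            report["contradicts"].append(ip)    # probe despite PTR, or neither
    return report

if __name__ == "__main__":
    print(classify(FIREWALL_LOG, SMTP_SENDERS, "192.0.2.10", SAMPLE_PTR.get))
```

Addresses under `unrelated` or `contradicts` are the ones that point to some other activity on the server, as post #2 suggests.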
