Unfiltered port 137 packet through WRT310N firewall

I'm running a WRT310N wireless router (latest firmware 1.00.4) with NAT and SPI enabled.
Today, while messing around with a software firewall on my laptop, I noticed the following log entry:
9/19/2008 9:43:11 AM Communication denied by rule
dest->192.168.1.103:137 src->77.67.91.83:137 pctl->UDP Rule->Block NETBIOS Name Service requests
This makes me nervous.  How is it even possible for a packet to be forwarded onto a private network like this?
1)  Port forwarding?  Nope, or at least I don't have a specific port forwarding rule enabled on the router.
2)  NAT'd port?  I hope not.  The router should not be NAT'ing the NETBIOS ports outside the private network.
Is it possible that the router NAT algorithm is too simplistic/transparent enough for someone on the untrusted side to spoof a packet onto the private network?
Any help or ideas would be appreciated.  The tech support view was to re-flash the router and run/monitor software firewalls?!

The most likely answer is that your computer sent something to 77.67.91.83:137 and this is the response. If you have not configured port forwarding for it, the router only forwards UDP packets into your LAN if there was some outgoing traffic before. Of course UDP port 137 gets NATed like any other port. It would be very problematic if they did, because then people would not be able to access shares through a NAT router in a simple two-router setup.
NAT is always quite simplistic and it is known to have various issues. NAT is no security feature. It is a connectivity feature allowing you to use a single public IP address with multiple private IP addresses. This mapping is by definition prone to problems. Various NAT helpers which allow you to use services like FTP on the internet have side effects for security.
But one thing is certain: the router cannot let something in without you initiating something from the inside first. If it does not know where to deliver the packet, it drops it (unlike years ago when the LAN was flooded with it).
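The answer above describes the behaviour that explains the log entry: an outbound UDP packet from the LAN creates a mapping in the router's NAT table, the reply that matches it is forwarded to the LAN host, and anything that matches no live mapping is dropped. The following toy model is an added example written for this page; it is not WRT310N firmware code, and the public address 203.0.113.5, the 60-second mapping timeout and the "only the contacted remote endpoint may reply" rule are constructed assumptions (real consumer routers differ in how strict that rule is and in how long mappings live). It replays the scenario from the question with the addresses from the log line.

```python
"""Toy model of a NAT router's UDP mapping table (constructed example).

Inbound packets reach a LAN host only while a mapping created by earlier
outbound traffic is still alive; otherwise the router drops them.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "UDP"


# (proto, public_port) -> (lan_ip, lan_port, remote_ip, remote_port, expires_at)
Entry = Tuple[str, int, str, int, float]


class SimpleNat:
    def __init__(self, public_ip: str, lan_net: str, timeout: float = 60.0,
                 restricted: bool = True) -> None:
        self.public_ip = public_ip
        self.lan_net = ipaddress.ip_network(lan_net)
        self.timeout = timeout          # assumption: mappings idle out after this many seconds
        self.restricted = restricted    # assumption: only the contacted remote endpoint may reply
        self._next_port = 40000
        self._table: Dict[Tuple[str, int], Entry] = {}

    def _expire(self, now: float) -> None:
        for key in [k for k, v in self._table.items() if v[4] <= now]:
            del self._table[key]

    def _alloc(self, proto: str) -> int:
        while (proto, self._next_port) in self._table:
            self._next_port += 1
        return self._next_port

    def outbound(self, pkt: Packet, now: float) -> Packet:
        """LAN -> WAN: create or refresh a mapping and rewrite the source address."""
        assert ipaddress.ip_address(pkt.src_ip) in self.lan_net, "not a LAN source"
        self._expire(now)
        for (proto, pub_port), (lip, lport, rip, rport, _) in self._table.items():
            if proto == pkt.proto and (lip, lport, rip, rport) == (
                    pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port):
                public_port = pub_port          # existing mapping: reuse it
                break
        else:
            # Try to keep the original source port (port preservation); fall back to a free one.
            public_port = (pkt.src_port if (pkt.proto, pkt.src_port) not in self._table
                           else self._alloc(pkt.proto))
        self._table[(pkt.proto, public_port)] = (
            pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, now + self.timeout)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """WAN -> LAN: forward only when a live mapping matches; None means dropped."""
        self._expire(now)
        entry = self._table.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None                         # unsolicited: nobody inside asked for this
        lip, lport, rip, rport, _ = entry
        if self.restricted and (pkt.src_ip, pkt.src_port) != (rip, rport):
            return None                         # mapping exists, but for a different remote endpoint
        self._table[(pkt.proto, pkt.dst_port)] = (lip, lport, rip, rport, now + self.timeout)
        return Packet(pkt.src_ip, pkt.src_port, lip, lport, pkt.proto)


def replay_scenario() -> List[Optional[Packet]]:
    """Replay the situation from the question; each element is the forwarded packet or None."""
    nat = SimpleNat("203.0.113.5", "192.168.1.0/24", timeout=60.0)
    remote = ("77.67.91.83", 137)
    return [
        nat.inbound(Packet(*remote, "203.0.113.5", 137), now=0),          # no mapping yet: dropped
        nat.outbound(Packet("192.168.1.103", 137, *remote), now=1),       # laptop talks to 77.67.91.83:137
        nat.inbound(Packet(*remote, "203.0.113.5", 137), now=2),          # reply: forwarded to 192.168.1.103:137
        nat.inbound(Packet("198.51.100.9", 137, "203.0.113.5", 137), now=3),  # other host: dropped
        nat.inbound(Packet(*remote, "203.0.113.5", 137), now=200),        # mapping idled out: dropped
    ]


if __name__ == "__main__":
    for step, result in enumerate(replay_scenario(), 1):
        print(step, "forwarded" if result else "dropped", result or "")
```

The third step is exactly the packet the laptop firewall logged: it was forwarded because the laptop had itself sent to 77.67.91.83:137 moments earlier, which is why the host firewall, not the router, is the right place to decide whether NetBIOS traffic from the internet should ever reach the machine.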

Similar Messages

  • What are the ports need to open at firewall

    What are the ports need to open at firewall to access Oracle EBS R12 through internet?

    All these following ports need to open at firewall??
    Database Port : 1521
    RPC Port : 1626
    Web SSL Port : 4443
    ONS Local Port : 6100
    ONS Remote Port : 6200
    ONS Request Port : 6500
    Web Listener Port : 8000
    Active Web Port : 8000
    Forms Port : 9000
    Metrics Server Data Port : 9100
    Metrics Server Request Port : 9200
    JTF Fulfillment Server Port : 9300
    MSCA Server Port : 10200-10205
    MCSA Telnet Server Port : 10200,10202,10204
    MSCA Dispatcher Port : 10800
    Java Object Cache Port : 12345
    OC4J JMS Port Range for Oacore : 23000-23004
    OC4J JMS Port Range for Forms : 23500-23504
    OC4J JMS Port Range for Home : 24000-24004
    OC4J JMS Port Range for Oafm : 24500-24504
    OC4J AJP Port Range for Oacore : 21500-21504
    OC4J AJP Port Range for Forms : 22000-22004
    OC4J AJP Port Range for Home : 22500-22504
    OC4J AJP Port Range for Oafm : 25000-25004
    OC4J RMI Port Range for Oacore : 20000-20004
    OC4J RMI Port Range for Forms : 20500-20504
    OC4J RMI Port Range for Home : 21000-21004
    OC4J RMI Port Range for Oafm : 25500-25504
    DB ONS Local Port : 6300
    DB ONS Remote Port : 6400
    Oracle Connection Manager Port : 1521

  • Portal access through a firewall

    Hi there!
    Having the default installation of R2 on a single W2K box, what's the minimal procedure to make this configuration available through a firewall?
    I've opened ports 7777-7778 but fail when trying to logon via SSO (host.domain.com:7777/pls/orasso)
    Have I missed out to open another port or am I forced to follow the steps of setting up a reversing proxy to have portal-access outside the firewall?
    Cheers
    /Staffan

    If they are on different servers, then both are listening on the 7777 port, and you will have to change one of them to use another port (assuming your firewall can only port forward a port to only one host).
    If you are running both instances on the same server, then your SSO is accessible via 7777 and your midtier would be on 7778, so your setup as described should be enough (I do the same thing).
    If they are running on the one machine, can you access the SSO/INF server directly? http://inf.domain.com:7777 and then http://inf.domain.com:7777/pls/orasso ?

  • Help sending a Magic Packet through to WOL

    I'm trying to set up my Airport Extreme to send a magic packet through. It successfully wakes up my computer if I do it immediately after it goes to sleep, but if I try after it's been asleep a few hours it doesn't work.
    I would think it may be a computer issue, but if I WOL over the network without going over the internet I can wake it up no matter how long it's been asleep. This leads me to believe it's an issue with the Airport Extreme "forgetting" my desktop after it's been asleep for a few minutes.
    I've already set it up to port forward correctly, but is there something else I need to do?

    Unfortunately this seems to be the common experience.
    I did read somewhere that 'routers flush out ARP tables' after a period of inactivity, meaning that after 5 mins or so you can't wake up your sleeping computer remotely. I have no idea what that means or how to fix it; I have been looking constantly since Snow Leopard came out.
    As you say, I can do it from the home network; outside of that it only works for about 5 mins.

  • Solaris 10 ssh through a firewall

    I have Solaris 10 up and running on an HP Vectra. Everything is fine until I attempt to ssh through my firewall from the outside world.
    I can ssh from my linux systems on the lan. But when I attempt to ssh from outside using either putty or ssh on another solaris 10 system the connection times out.
    Anyone else experience a similar problem? Many thanks in advance.
    John Wright
    Asst Professor
    CIT
    Bellevue University

    It's hard to tell what's going on without some more information. Here're a few things you can try:
    Run "ssh localhost" from the Solaris box and make sure that works.
    ssh to the Solaris box from another box on the same network segment.
    From the site that doesn't work, do "ssh -v solaris_box" and see if that gives you any clues.
    After trying to ssh from outside, do a "netstat -an | grep -i '*.22'" and see the state of the TCP connection
    (or if the first packet never even makes it).
    Run sshd on the Solaris box with the "-d" debug option.

  • Workstation Clients through a Firewall

    Does anyone out there know if there are any issues with workstation clients going
    through a firewall?
    Thanks!
    mervin

    We have done it successfully from NT to a Unix server over a firewall. It's a case
    of getting the WSNADDR set up correctly.
    Use the -H option in the WSL entry in the ubbconfig to set it up.
    eg
    CLOPT="-A -- -d /dev/tcp -n 0x0002nnnnxxxxxxxx -H 0x0002MMMMyyyyyyyy"
    Where nnnn is a port number
    xxxxxxxx is the true hex IP address of the server
    yyyyyyyy is the firewall hex address of the server
    MMMM is fixed.
    WSNADDR on the PC is set to port number and firewall address.
    I know the hex notation is a bit out of date these days but it works fine for us.
    Hope it helps
    Sue
    "Mervin Calverley" <[email protected]> wrote:
    > Does anyone out there know if there are any issues with workstation clients
    > going through a firewall?
    > Thanks!
    > mervin
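The reply above gives the WSL CLOPT with addresses in Tuxedo's hexadecimal notation: 0x0002 (the AF_INET family prefix), then the port as four hex digits, then the IPv4 address as eight hex digits. The following helper is an added example, not code from the thread or from Tuxedo; it encodes and decodes that notation and pulls the -n (server-side) and -H (firewall-side) addresses back out of a CLOPT string so an administrator can check which address and port a workstation handler is actually exposed on. The sample addresses 192.168.1.10, 203.0.113.5 and port 5000 are constructed, and the assumption that the firewall forwards the same port number (so -n and -H carry the same PPPP) is just a default of the builder.

```python
"""Encode, decode and audit Tuxedo-style hex network addresses 0x0002PPPPAAAAAAAA.

Constructed example. Layout as described in the thread: 0x0002 fixed prefix,
PPPP = port (4 hex digits), AAAAAAAA = IPv4 address (8 hex digits).
"""
import ipaddress
import re
from typing import Dict, Optional, Tuple

HEX_ADDR_RE = re.compile(r"^0x0002([0-9A-Fa-f]{4})([0-9A-Fa-f]{8})$")
CLOPT_OPT_RE = re.compile(r"(-[nH])\s+(0x[0-9A-Fa-f]+)")


def encode_hex_addr(ip: str, port: int) -> str:
    """192.168.1.10 / 5000 -> 0x00021388C0A8010A"""
    if not 0 < port <= 0xFFFF:
        raise ValueError("port out of range: %r" % port)
    return "0x0002%04X%08X" % (port, int(ipaddress.IPv4Address(ip)))


def decode_hex_addr(hex_addr: str) -> Tuple[str, int]:
    """0x00021388C0A8010A -> ('192.168.1.10', 5000); rejects malformed strings."""
    m = HEX_ADDR_RE.match(hex_addr)
    if m is None:
        raise ValueError("not a 0x0002PPPPAAAAAAAA address: %r" % hex_addr)
    port = int(m.group(1), 16)
    ip = str(ipaddress.IPv4Address(int(m.group(2), 16)))
    return ip, port


def build_wsl_clopt(server_ip: str, server_port: int,
                    firewall_ip: str, firewall_port: Optional[int] = None) -> str:
    """Assemble the CLOPT line from the thread: -n is where the WSL listens,
    -H is the address/port workstation clients use from outside the firewall.
    Assumption: if no firewall_port is given, the firewall forwards the same port."""
    if firewall_port is None:
        firewall_port = server_port
    return 'CLOPT="-A -- -d /dev/tcp -n %s -H %s"' % (
        encode_hex_addr(server_ip, server_port),
        encode_hex_addr(firewall_ip, firewall_port))


def parse_clopt(clopt: str) -> Dict[str, Tuple[str, int]]:
    """Return {'-n': (ip, port), '-H': (ip, port)} for the hex addresses in a CLOPT string,
    so the externally exposed endpoint can be compared against the firewall rule."""
    return {opt: decode_hex_addr(value) for opt, value in CLOPT_OPT_RE.findall(clopt)}


if __name__ == "__main__":
    line = build_wsl_clopt("192.168.1.10", 5000, "203.0.113.5")
    print(line)
    print(parse_clopt(line))
```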

  • Does configuring an endpoint open a port in the guest VM firewall?

    Hi there. I found out that if I want to access a specific port in a VM (Java RMI in my case), I have to configure an endpoint for this port. However, I was surprised that configuring an endpoint was enough to access the port. I didn't change the firewall rules in the guest for this port and it was immediately accessible from outside Microsoft Azure.
    Does configuring an endpoint open a port in the guest VM firewall?

    Hi,
    According to the official article below, it indicates that "Firewall configuration is done automatically for ports associated with Remote Desktop and Secure Shell (SSH), and in most cases for Windows PowerShell Remoting. For ports specified for all other endpoints, no configuration is done automatically to the firewall in the guest operating system. When you create an endpoint, you'll need to configure the appropriate ports in the firewall to allow the traffic you intend to route through the endpoint."
    How to Set Up Endpoints to a Virtual Machine
    Best regards,
    Susie

  • How to allow Flash, Reader, and Shockwave installations through the firewall?

    When I allow a single machine to full access through the firewall on port 80, all three products install flawlessly. I am trying to narrow this down and only open the specific IP ranges used by adobe. Does anyone know which ones need to be allowed for this to work? Also, I do know about the standalone files that can be downloaded and then installed to avoid the firewall issue, but I would like to allow all users who bring their own devices to install these products. With the below IP address open through port 80, I am able to install Flash almost every time, but Reader and Shockwave are less reliable. Thank you for any help you can provide.
    Bill
    23.67.250.122
    23.67.250.129
    23.67.250.104
    23.67.250.147
    23.15.7.153
    23.15.7.130
    23.15.7.160
    23.15.7.99
    23.15.7.155
    23.15.7.113
    23.15.8.203
    23.57.1.169
    23.57.3.235
    23.67.250.88
    23.57.2.70
    8.10.179.247
    66.235.147.77
    96.17.160.72
    96.17.160.18
    192.150.16.58
    192.150.16.64
    193.104.215.66
    199.167.187.72

    I have a method that works for FLASH player, but am trying to come up with a method for the other 2 myself.  To automate flash player, I created a Policy and added the following:
    Under Computer Config, Preferences, Windows Settings, Files I created a new File Item.
    I set Action = Replace, created a Source File named mms.cfg* (more below) and have the destination file as %systemroot%\System32\Macromed\Flash\mms.cfg (or %systemroot%\SysWOW64\Macromed\Flash\mms.cfg for x64)
    I used notepad to edit the mms.cfg, and used the following in the body:
    AutoUpdateDisable=0
    SilentAutoUpdateEnable=1
    AutoUpdateInterval=0
    My non-admin users now update flash in the background silently and automatically.

  • Firewall Rules for Printing and Scanning through Windows Firewall

    Hello,
    I am having trouble determining the Ports, Programs, and Services required for printing and scanning with my AIO.
    I am using Windows Firewall in Windows 7, and am only allowing certain rules in and out.
    I know the firewall is the problem, for when I disable it, everything works fine.
    Which rules are required for printing and scanning through the firewall?

    4th Bump,
    Is there anyone who can help me with this?
    As I said before, other printer manufacturers such as Lexmark and Brother provide this exact information.
    Why doesn't hp have a document for this? Does everyone just disable their firewall or open every port?

  • Cisco 8851 phones registering through Checkpoint firewall

    We have a customer with a secured network, using Checkpoint firewalls and have a VPN site-to-site tunnel between our Cisco ASA and their Checkpoint firewall, with Cisco phones on the far side of the tunnel and CallManager 8.6 behind the ASAs.  We have all the proper network ports referenced, but cannot get either a new Cisco 8851 (SIP) or a Cisco 7942 phone to register.  The 8851 phone, when it tries to register, uses the 6970 port for distributed TFTP via HTTP first (by design), followed by TFTP/69.  The 7900 phone never generates TFTP on port 69 at all.  What is also strange is that the source port 5060 on the 8851 phone seems to be masked with an upper ephemeral network port (51566) when the request traverses the network, regardless of it passing through the firewall or a router.  I know that TFTP uses UDP, but there is nothing in the docs that state it uses these upper port ranges?
    Is this behavior normal for a Cisco SIP-based phone, and with the Skinny phone, is there something with Checkpoint firewalls that causes issues with Cisco VOIP phones? I have done key-word searches on the Forum for this issue, but have not found anything significant. I have also looked at the Nokia support forum, and saw some briefs, but it didn't directly describe our issue. Any help would be greatly appreciated.
    Thanks,

    Hi Andrew
    The attached document may assist:
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/7_0/CCM_7.0PortList.pdf
    A lot depends on topology etc, and the handset registration protocol you are using (SIP vs SCCP).
    Hope this helps.
    Barry Hesk
    Intrinsic Network Solutions

  • Make a Cisco SPA 303 ring by sending a packet through your network?

    Hey Guys,
    I was wondering, and I need to know for my business, is there any way at all for me to make my Cisco SPA 303 VOIP Phone to ring by sending a packet through my local network?
    I would like to just be able to click a button or send a command through the command prompt and make it ring, but I don't know if there is any way for this to happen.
    Thanks!

    Do you know perl?
    I had same issue and I wrote a simple perl script that works as wake up service.
    PERL is an interpreted language and so can be executed on Linux and Windows operating systems. Linux can interpret perl natively while for Windows you can download many free interpreters like Activeperl or Strawberry perl. To run the script you must use a third party server.
    In my configuration the script runs on a linux server in background as a service and checks every minute the directory called "alarm", reads files and uses the file name as called number and checks the content to verify if it is time to call. At the moment the script uses SIP and handles 4 call responses: 404 user not found, 486 busy, 487 not answered and 200 answer ok. In every case it sends an email and deletes the files. Only for the answered case does it play a nice music.
    Files have this particular format: file name is equal to calling  party number and file content is the alarm time in 24 hours format  with : as separator between hours and minutes.
    e.g.
    ext. 101 must be called at 8 am ---> write the file 101.txt with the content 08:00
    ext. 101 must be called at 8:30 am ---> write the file 101.txt with the content 08:30
    There is a limitation: if you activate the Authentication for SIP messages and there are more than two simultaneous calls, the script sends some INVITEs without authentication or with a wrong checksum and so not all phones ring. This problem is under investigation.
    Are you interested?
    Regards.

  • Whenever I try to open up Firefox, it says that it's unable to connect, however, my internet connection is fine and I can still open up Internet Explorer. I already allowed Firefox through my firewall.

    My internet connection is fine, I already allowed Firefox through my firewall. This is the first time it had ever happened and it happened suddenly, out of nowhere.

    Try "Firefox connection settings" in [[Server not found]]
    You can find the connection settings in Tools > Options > Advanced : Network : Connection
    If you do not need to use a proxy to connect to internet then select No Proxy
    You can also try to remove all rules for Firefox from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process.
    See:
    * [[Server not found]]
    * [[Firewalls]]

  • Endpoint on DMZ interface (through the firewall)

    Hi
    I have an ASA which connects to a BT Infinity router. The address on the outside interface is dynamic. BT provide us with 5 static addresses (No NAT 5) which are routed to the outside interface but are a different subnet.
    I would like to terminate the site to site  VPN using one of the static IP addresses rather than the outside dynamic address.
    Can I NAT the public static address to the DMZ interface (or any interface for that matter) and terminate the VPN on that interface i.e. the firewall is terminated through the firewall?
    Thanks
    Stuart
    Update: A few people have looked but no answer. Is there some detail I need to add?

    Matheus.Omega.Mendes wrote:
    Well one solution that they found was implementing one hollow interface called InterfaceWeb, just to mark the classes that work on web and desktop. Although our system isn't perfectly object oriented, this solution was the worst that I have ever seen. At least I think this way and I'd like to know if someone agrees, disagrees or has some explanation for this choice.
    Hard to say without actually seeing it. Probably not a good idea.
    Presumably the design was driven by time to market and cost rather than just because the developers didn't want to refactor.
    As per the other suggestion, normally besides breaking the layers out you could share common functionality with a layer of its own (or several)

  • Iron port slow connection through firewall interface, data blanked out

    Hi All
    Installing a new pair of IronPort c170 appliances behind a ASA 5520 and currently getting blanked out response when connecting via telnet on port 25 to the outside interface.  Testing this internally there are no issues and the hostname is shown, but from the outside, response is very slow and some information is masked as xxxxxxx.
    Going through the ASA, esmtp stateful packet inspection is removed and the IPS has already been ruled out.
    Has anyone come across this issue before? Please could you shine some light on this.
    Many thanks

    Hello James,
    when some of the information is masked, this means you still have SMTP fixup enabled on the ASA. I am not an expert on these devices, but here is an article on this topic that may be useful:
    Article #1816: Why do we see XXXXXXXA after EHLO and "500 #5.5.1 command not recognized" after STARTTLS? Link: http://tools.cisco.com/squish/E68cB
    Hope that helps.
    Andreas

  • Specify the port number to go through the firewall

    I noticed the ibm application server gives option to specify the listener port for EJB using this parameter -Dcom.ibm.CORBA.ListenerPort=8888 .
    Can I do the same thing for Sun Application Server?

    org.omg.CORBA.ORBInitialPort
    This is only for the initial connection. After the ejb container receives the call, it is going to communicate with the connecting client using random port number.
