After stealth ports wizard - block all I get a massive number (one every 5 seconds at least) of netbios related events in my firewall log. I guess the “Block and Log any… any… any…” global rule is responsible. Is there a way to ignore UDP 137/138 related events in the firewall log? I have disabled the netbios in network connection settings - tcp/ip - advanced but I still have the problem.
Windows XP SP3, CIS RC1, no other security software, connected to university hostel's local network (automatic network settings are required; DNS?).

You can block and not log events on ports 137 & 138 ahead of the block and log all to make them go away. The hostel is just checking on who is out there, but should work fine without knowing. :slight_smile:

I have block and log UDP In any any port 137 above Block and log IP in any any any and firewall still logs blocking port 137 (in events list).
The hostel should be fine but admins are very paranoid :wink: You send just a few spikes of Skype, Orbit downloader with accelerate function on or Opera with bit torrent client on (without using them to download anything) and you get banned >for P2P< for a week! :slight_smile:

Block and NOT log?

Yes, I would like to block these ports without a trace in logs/event list. My system is up for a few hours and there are nearly 8000 “137/138 blocked” events.

What are your other global rules? These are incoming? A block and not log ahead of the block all and log should make them disappear - does for me.

Example event list entry:
Application /Action /Source IP /Source Port /Destination IP /Destination Port
Windows Operating System /Blocked / /137 / /137

PS1. How to get a text format of certain rules so I won’t have to upload images next time?
PS2. I think 137 or 138 blocking also blocks access to my ftp server.

Anyone? :confused: I didn’t solve it yet…

On the 4th global rule, uncheck “log” and the block will no longer be logged as clutter.

Thank You sded! My logs are clear and finally useful!
Now it looks like this (attachment).
7,9. Rules which allow me to get rid of junk entries in the logs (tens of thousand per day!) related to things I don’t want to even hear about.
8,10. Thanks to these I think I won’t flood my local network with the things from rules 7 and 9 myself.

1,4. For local network user files scanner/database (it scans users’ files shared through ftps or SMB).
2,3. Allow users from my local network to conn. to my ftp server.
5,6. Leftovers from “Stealth ports wizard”.

I’ve also added rules not to log IGMP and port 27960 which is called out by Quake 3 players in my local network :stuck_out_tongue:

Now the only thing left is to Export the configuration and relax :-TU
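
The rule-ordering point from this thread (an unlogged block placed ahead of the block-and-log-all rule), as an added sketch that is not part of any post and is not Comodo's code. It assumes the global rule list is evaluated top-down with the first matching rule deciding; the `Rule` class, rule sets and packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str                     # "allow" or "block"
    log: bool                       # the rule's "log" checkbox
    proto: str = "any"              # "any" matches every protocol
    dst_port: Optional[int] = None  # None matches every port

    def matches(self, pkt):
        return (self.proto in ("any", pkt["proto"])
                and self.dst_port in (None, pkt["dst_port"]))


def evaluate(rules, packets):
    """Apply rules top-down, first match wins (assumed model).
    Returns (number of blocked packets, list of log entries)."""
    blocked, log = 0, []
    for pkt in packets:
        for rule in rules:
            if rule.matches(pkt):
                if rule.action == "block":
                    blocked += 1
                if rule.log:
                    log.append((rule.action, pkt["proto"], pkt["dst_port"]))
                break  # later rules never see this packet
    return blocked, log


CATCH_ALL = Rule("block", log=True)  # "Block and Log IP In any any any"

# Specific rule sits above the catch-all but still has "log" checked.
LOGGED_RULES = [Rule("block", True, "udp", 137), CATCH_ALL]
# "Log" unchecked on the NetBIOS rules, still above the catch-all.
QUIET_RULES = [Rule("block", False, "udp", 137),
               Rule("block", False, "udp", 138), CATCH_ALL]
# Same unlogged rules placed below the catch-all: they are never reached.
MISORDERED_RULES = [CATCH_ALL] + QUIET_RULES[:2]

# Constructed traffic: six NetBIOS broadcasts and one unrelated probe.
PACKETS = ([{"proto": "udp", "dst_port": 137}] * 4
           + [{"proto": "udp", "dst_port": 138}] * 2
           + [{"proto": "tcp", "dst_port": 23}])

if __name__ == "__main__":
    for name, rules in [("logged", LOGGED_RULES), ("quiet", QUIET_RULES),
                        ("misordered", MISORDERED_RULES)]:
        blocked, log = evaluate(rules, PACKETS)
        print(f"{name}: blocked={blocked} log_entries={len(log)}")
```

In every rule set all seven packets are still blocked; only the quiet, correctly ordered set leaves the log holding just the entry worth reading.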

