Lavode
9 years ago

Excessive Port Denies

We recently got a complaint from our Information Security Office indicating that our Master server was attempting to connect to all of the virtual machines in our virtual environment over port 137.  The firewall between the master server and the virtual machines was alerting them that there were excessive firewall denies.  I created a new case with Veritas, and asked them to provide documentation on what purpose this communication served.  They couldn't explain what the communication was for.  Since we couldn't determine what the communication was for, we had to turn off NetBIOS over TCP/IP on that interface, which stopped the problem.

However, in order to upgrade the software, we have to have NetBIOS over TCP/IP enabled.

Does anyone know why this port would be used, and why it would be attempting to connect to all the virtual machines?  According to the Firewall Port Requirements, port 137 is only used for SQL client hosts using a "remote registry service."  But there are no SQL clients in that vCenter.

3 Replies

  • I don't think it was NetBackup "per se" that was using NetBios.  I think it was the Windows TCP stack with NetBios integration.  You will always have this problem when NetBios is enabled on a Windows-based NIC, because not only are TCP and DNS doing name lookups - but Windows itself... when NetBios is enabled... is being opportunistic and also trying to communicate to establish NetBios channels.  It's not NetBackup, it's "Windows" networking - that's just the way it is and it's doing exactly what it's meant to do when NetBios is enabled on an interface.

    You've done the right thing to turn it off when it's not required.  So, turn it on to do your updates, if you need to, and turn it off again afterwards.

  • Or have I missed a point... you haven't explicitly stated that you saw any specific processes open ports.  You just said master - so IMO this is then probably "Windows" itself, and not NetBackup.  There's a whole big topic about NetBios on the internet.

  • We assumed that it was NetBackup making the connection, since this problem seemed limited to our master server, and not on other servers in our environment.  Thanks for the information!
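
An added example, not part of the thread or of any Veritas documentation: a PowerShell sketch for the two checks the replies point to, namely which process owns the local NetBIOS name service port (UDP 137) and what the NetBIOS over TCP/IP setting is on each adapter, with an option to switch it on for an upgrade and off again afterwards. The adapter name `Backup-NIC` is a hypothetical placeholder, and the script assumes a Windows version that ships the NetTCPIP cmdlets and an elevated session.

```powershell
# Added example; 'Backup-NIC' is a hypothetical adapter name.
param(
    [string]$InterfaceAlias = 'Backup-NIC',
    [ValidateSet('Report', 'Enable', 'Disable')]
    [string]$Action = 'Report'
)

# Meaning of TcpipNetbiosOptions in Win32_NetworkAdapterConfiguration
$netbiosNames = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

# 1. Which process owns the NetBIOS name service port (UDP 137) locally?
Get-NetUDPEndpoint -LocalPort 137 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } }

# 2. NetBIOS over TCP/IP setting for every IP-enabled adapter
$configs = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
$configs | Select-Object Description, InterfaceIndex,
    @{ n = 'NetBIOS'; e = { $netbiosNames[[int]$_.TcpipNetbiosOptions] } }

# 3. Optionally enable (1) or disable (2) it on one interface only
if ($Action -ne 'Report') {
    $ifIndex = (Get-NetAdapter -Name $InterfaceAlias -ErrorAction Stop).ifIndex
    $target  = $configs | Where-Object InterfaceIndex -eq $ifIndex
    if (-not $target) { throw "No IP-enabled configuration found for '$InterfaceAlias'" }

    $value  = if ($Action -eq 'Enable') { 1 } else { 2 }
    $result = Invoke-CimMethod -InputObject $target -MethodName SetTcpipNetbios `
                  -Arguments @{ TcpipNetbiosOptions = [uint32]$value }

    # 0 = success, 1 = success but a reboot is required
    if ($result.ReturnValue -notin 0, 1) {
        throw "SetTcpipNetbios failed with return code $($result.ReturnValue)"
    }
    "NetBIOS over TCP/IP on '$InterfaceAlias' set to: $($netbiosNames[$value])"
}
```

Running it with `-Action Report` before and after a change gives a record of the setting to hand to the team watching the firewall denies.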