UDP packets sent to port 137 from port 137 on other computers are the most-often-seen transgression on the Internet today. My firewall blocks at least six of these daily, from all over the planet.
However, many ISP security folks, and some purported security experts' web sites, will tell you that these probes are nothing to worry about. "It's harmless", they tell you, "it's just like a nameserver query."
Okay. Ask yourself why someone half-way across the country would want to know what your NetBIOS hostname is. Ask yourself what this person is doing snooping around on your subnet anyway.
The answer is obvious: He's trying to examine some shares.
TCP/IP has transported his packets to your computer's IP address. But NetBIOS uses names, not IP addresses. He needs your computer's name so he can send it some NetBIOS commands to see how it's set up... see what the user names are (if any)... see what the share names are... and attach to them.
But he's gotta find that NetBIOS name first.
Is this not similar to connecting to a telnet server in order to ascertain which operating system is in use so an appropriate exploit can be chosen?
Oh, but the "experts" don't seem to think it's a problem.... or do they?
Most ISPs have a Security function which is understaffed and short on other resources, with an increasingly heavy workload. This is especially true of the cable modem outfits, such as @Home and RoadRunner. These ISPs typically have ONE security group watching over their entire nationwide network. You know they're busy.
As such, the only ways they can reduce their workload are:
These tactics are irresponsible and dangerous.
Unwanted UDP probes on port 137 from computers you don't know could be the first step in an effort to compromise your system, and should be treated as such.
Kevin Mitnick said that any computer connected to the Internet is NOT secure. Kevin knows what he's talking about.
You'd naturally want to keep burglars out of your neighborhood. Let's get these cyber-burglars off of the 'net.
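The following Python is an added example, not part of the original article: it parses an inbound UDP datagram as a NetBIOS name service question (layout per RFC 1002) and reports whether it is a node-status or name query arriving from outside your own subnet. The subnet, addresses and sample packet are constructed for illustration.

```python
import ipaddress
import struct

NBSTAT, NB = 0x0021, 0x0020  # RFC 1002 question types: node status, name query

def decode_nb_name(encoded: bytes) -> str:
    """Undo RFC 1001 first-level encoding: two letters 'A'..'P' per byte."""
    if len(encoded) != 32 or any(not 0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw.rstrip(b"\x00 ").decode("ascii", "replace")

def classify_probe(src_ip, src_port, dst_port, payload, local_net):
    """Return a short verdict for one inbound UDP datagram."""
    if dst_port != 137:
        return "not-nbns"
    if len(payload) < 12 + 1 + 32 + 1 + 4:  # header, length, name, NUL, type/class
        return "malformed"
    _txid, flags, qdcount = struct.unpack_from("!HHH", payload, 0)
    if flags & 0x8000 or qdcount != 1 or payload[12] != 0x20 or payload[45] != 0:
        return "malformed"  # response bit set, or not a single plain question
    try:
        name = decode_nb_name(payload[13:45])
    except ValueError:
        return "malformed"
    qtype, _qclass = struct.unpack_from("!HH", payload, 46)
    kind = {NBSTAT: "node-status", NB: "name-query"}.get(qtype, "other")
    inside = ipaddress.ip_address(src_ip) in ipaddress.ip_network(local_net)
    origin = "local" if inside else "external"
    return f"{origin} {kind} for {name!r} from {src_ip}:{src_port}"

# Constructed sample: a node-status question for the wildcard name "*",
# which first-level encodes to "CK" followed by thirty "A" characters.
SAMPLE = (bytes.fromhex("123400000001000000000000") + b"\x20" + b"CK" + b"A" * 30
          + b"\x00" + bytes.fromhex("00210001"))

if __name__ == "__main__":
    # 203.0.113.7 is a documentation address; 192.168.1.0/24 is an assumed LAN.
    print(classify_probe("203.0.113.7", 137, 137, SAMPLE, "192.168.1.0/24"))
```

An "external node-status" verdict is the kind of datagram the article describes: a stranger asking your machine for its NetBIOS name table.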