none
IIS(?) connecting to port 137

    General discussion

  • We have a machine running IIS on Windows Server 2008 R2. Our firewall is catching connection attempts originating at this server. The connections are targeting UDP port 137 on a number of workstation machines in the network. I would like help determining whether these connection attempts can be stopped.

    I have read that when a computer wants to look up the host name for an IP address and the DNS server does not return results, it might try to connect to that IP address on port 137 to query that machine directly.

    I have no evidence that IIS is doing reverse lookups, but I suspect it because all of the IP addresses the server is trying to connect to belong to users who have reason to regularly connect to this web site.

    I have also read that IIS can be configured to do reverse lookups in "IP Address and Domain Restrictions" > "Edit Feature Settings". But our IIS has this setting unchecked globally and for each site.

    I would appreciate ideas.

    Regards,
    Cam

    Tuesday, August 06, 2013 9:33 PM

All replies

  • Hi,

    According to the problem description, this issue is related to IIS. For IIS issue, the best resource is IIS forum.

     

    Based on the current situation, you’d better submit a new question to IIS forum for further assistance. In this way, your issue can be resolved effectively.

     

    IIS Forums

    http://forums.iis.net/

     

    Thanks for your understanding!

    Regards,

    Yan Li

    If you have any feedback on our support, please click here .


    Cataleya Li
    TechNet Community Support

    Wednesday, August 07, 2013 9:38 AM
    Moderator