enVision sending out UDP 137 NetBIOS Name Query Requests
Our Network department alerted me that our enVision appliance was sending out a large stream of UDP-137 NetBIOS Name Query (NBSTAT) requests to external/public IP addresses. When I verified this on the appliance using a packet capture, I can't match the destination IP addresses with anything related to log data enVision is processing (i.e. enVision attempting to resolve the name of the destination IP address).
We're seeing around 2,000 of these packets every minute.
Is anyone seeing the same on their appliance?
At first I figured it was attempting to put a name to an address that it found as a result of a event log entry, but that didn't seem to be the case. It was attempting to do reverse name lookups on addresses that I couldn't find anywhere in the database and I never put in much time to determine why it was attempting to resolve those addresses.