Hello,
I am new to Wingate and encounter some port scanning by Wingate upon configuring the Symantec Endpoint Protection software to point to a centralized server to get the definition updates.
On Wingate, I only enabled the WWW proxy service, and disabled all other services. All the while using the Proxy function, it was working well. Recently, I configured the SEP to point to the centralized server, Wingate attempted a port scanning of port 137 on the network to many different servers.
Anyone know what trigger the port scanning by Wingate?
Wingate Port Scanning of port 137
Moderator: Qbik Staff
7 posts
• Page 1 of 1
Wingate Port Scanning of port 137
by teowx82 » Jul 01 14 10:34 pm
- teowx82
- Posts: 16
- Joined: Jul 01 14 10:01 pm
Re: Wingate Port Scanning of port 137
by adrien » Jul 02 14 1:03 pm
Hi
port 137 is NetBIOS ports.
This is used when WinGate enumerates the computers on the netework. Which version of WinGate is this? I didn't think we did this any more since WinGate 7
Adrien
port 137 is NetBIOS ports.
This is used when WinGate enumerates the computers on the netework. Which version of WinGate is this? I didn't think we did this any more since WinGate 7
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Wingate Port Scanning of port 137
by teowx82 » Jul 02 14 2:21 pm
Hello,
Thanks Adrien for the reply.
Currently I am using Wingate 6.6.4.1338. So I presume that when I configured my SEP to point to the centralized server, Wingate at the same time attempted to search for the targeted IP using port 137?
Wenxiang
Thanks Adrien for the reply.
Currently I am using Wingate 6.6.4.1338. So I presume that when I configured my SEP to point to the centralized server, Wingate at the same time attempted to search for the targeted IP using port 137?
Wenxiang
- teowx82
- Posts: 16
- Joined: Jul 01 14 10:01 pm
Re: Wingate Port Scanning of port 137
by adrien » Jul 02 14 3:44 pm
Hi
I think it's a coincidence, WinGate 6 did that network enumeration every 10 minutes. I think you could turn it off in the DNS client settings under enabling WINS enumeration.
We took this out in WinGate 7 - the feature was intended to provide support information for the VPN feature in WinGate - to show what computers were accessible over the VPN. It was never very reliable though, and especially later OSes (Vista onwards) stopped responding by default to netbios queries.
Adrien
I think it's a coincidence, WinGate 6 did that network enumeration every 10 minutes. I think you could turn it off in the DNS client settings under enabling WINS enumeration.
We took this out in WinGate 7 - the feature was intended to provide support information for the VPN feature in WinGate - to show what computers were accessible over the VPN. It was never very reliable though, and especially later OSes (Vista onwards) stopped responding by default to netbios queries.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Wingate Port Scanning of port 137
by teowx82 » Jul 02 14 4:24 pm
Hello,
Oh OK, currently under all the available services Wingate provide, i already disabled all except the WWW Proxy service, will the network enumeration situation occurs? Addition to it, this network enumeration I encounterd only happened once just after I configured the SEP software, it had never occurs before ever since I started using the WWW Proxy function.
Wenxiang
Oh OK, currently under all the available services Wingate provide, i already disabled all except the WWW Proxy service, will the network enumeration situation occurs? Addition to it, this network enumeration I encounterd only happened once just after I configured the SEP software, it had never occurs before ever since I started using the WWW Proxy function.
Wenxiang
- teowx82
- Posts: 16
- Joined: Jul 01 14 10:01 pm
Re: Wingate Port Scanning of port 137
by adrien » Jul 03 14 8:17 am
HI
it's a checkbox in the DNS client in WinGate, not in a service. You need to turn it off there.
Adrien
it's a checkbox in the DNS client in WinGate, not in a service. You need to turn it off there.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Wingate Port Scanning of port 137
by teowx82 » Jul 03 14 3:03 pm
Hello,
OK. Thanks. I will look for the option to disable and monitor the situation. Thanks for the great help.
Wenxiang
OK. Thanks. I will look for the option to disable and monitor the situation. Thanks for the great help.
Wenxiang
- teowx82
- Posts: 16
- Joined: Jul 01 14 10:01 pm
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 7 guests