Excessive Netbios Name service requests appearing in logs (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting


t060502 -> Excessive Netbios Name service requests appearing in logs (19.Sep.2006 2:06:44 PM)


We are currently encountering a problem with Netbios Name Service requests appearing in our firewalllog table.   On a daily basis there could be up to 700,000 of these which is filling up the Log DB (SQL server) very quickly. 

Looking at our rule set-up we only have 3 active 'allow' rules with Netbios as a protocol, two of these are system policy rules to allow remote management and to gain access to diagnostic services.   The third rule is a firewall policy rule to allow Netbios traffic to go from our ISA servers to the MMC and vic-versa.  

What concerns us is that when looking through monitoring in ISA we can see that Netbios Name service connections being denied and the result colde is ' 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED'.  We think that these requests are being denied in the default rule however it still continues to log the denied requests?  

The default rule has the 'Log requests to match this rule' unchecked so it should not be logging these messages.

Ultimately we want to try and disable logging for these requests.  Has anyone experienced this behaviour before or have an idea on how to disable logging for these?


Page: [1]