We have a machine running IIS on Windows Server 2008 R2. Our firewall is catching connection attempts originating at this server. The connections are targeting UDP port 137 on a number of workstation machines in the network. I would like help determining whether these connection attempts can be stopped.
I have read that when a computer wants to look up the host name for an IP address and the DNS server does not return results, it might try to connect to that IP address on port 137 to query that machine directly.
I have no evidence that IIS is doing reverse lookups, but I suspect it because all of the IP addresses the server is trying to connect to belong to users who have reason to regularly connect to this web site.
I have also read that IIS can be configured to do reverse lookups in "IP Address and Domain Restrictions" > "Edit Feature Settings". But our IIS has this setting unchecked globally and for each site.
I would appreciate ideas.
Regards,
Cam