The RA Console server is sending traffic on port 137 UDP to external hosts outside of your firewall, causing alerts within your security team.
RA 9.0 and earlier
This is normal NetBIOS traffic that occurs when RA is unable to resolve an IP seen in netflow through DNS.
When a name does not resolve, RA tries to connect using NetBIOS to get the machine name of the host.?
To disable NetBIOS in RA:
- Remote desktop to the RA master console
- Open up Control Panel --> Network Connections
- Right click on the NIC and select Properties
- Select Internet Protocol (TCP/IP) in the list of items and click Properties.
- Click on Advanced
- Go to the WINS tab
- In the NetBIOS setting box, select Disable NetBIOS over TCP/IP