SonicWall in Stealth Mode but Sends out NetBios Packet During a Port Scan

When a port scan is used against a Sonicwall with stealth mode on, the Sonicwall should not answer back; It will not say if the port is open or not. It says nothing. However in this case, a packet capture showed the Sonicwall was sending out a NetBIOS packet to the port scan IP address.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Stealth mode was enabled in the Network | Firewall | Advanced | Settings  page.

The SonicWall was not replying back to the port scan, but it was querying the device to resolve the NetBIOS name for the log.

On the Device | Log | Name resolution page, changed the Name Resolution Method to just DNS instead of DNS then NetBIOS.

Now further port scans should show no responses from the SonicWall.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Stealth mode was enabled in the Manage | Firewall Settings | Advanced Settings page.

The SonicWall was not replying back to the port scan, but it was querying the device to resolve the NetBIOS name for the log.

On the Manage | Log Settings | Name resolution page, changed the Name Resolution Method to just DNS instead of DNS then NetBIOS.

Now further port scans should show no responses from the SonicWall.