Following on from DNS Amplification DDOS attacks, more recently NETBIOS services are being utilised for "Amplification DDOS attacks" to reflect traffic against other networks.
You can read up on this further at the below URL:
https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-NetBIOS
The easiest way to resolve this issue, is by creating a Firewall rule, to block Port 137, for incoming traffic for UDP excluding trusted IP ranges.
Below are some basic examples when testing, showing before, and after information using the nbtstat command in Windows CMD Prompt.
Testing - Before
Testing - After
