Superhub : Who/what is this IP (modem mode)?

[RainmakerRaw]

My SH3 is in modem mode, and goes like this:

SH3 > pfSense (APU2C4) > TP-Link 8 port PoE switch
........................................| ethernet clients
........................................| Ubiquiti UAP AC PRO

I currently have the subnets 192.168.100.1 (for the SH3 modem) and 192.168.1.0/24 for the LAN. It used to be 10.x.x.x but that started messing with DHCP from some of my VPN subscriptions so I changed it. Anyway...

I've noticed lately in the firewall logs (pfSense) that there are hits blocked on the WAN side, from 192.168.100.3:138 > 192.168.100.255:138. Does anyone know what's going on there? I assumed it was broadcast related (hence the .255) or NETBIOS/Samba at first (port 138); however if the modem is in transparent bridge mode isn't the only client IP 192.168.100.1? What then is 192.168.100.3 (and by inference, 192.168.100.2)?

Could this be an attempted Smurf attack? Thanks in advance for any info, I'm always wanting to learn something new.

Smurf attacks are normally ICMP based, not tcp/udp.

I assume they are udp hits ?
They certainly look like Netbios broadcasts, but what's sending them is a puzzle.

[RainmakerRaw]

Yes, sorry, they're UDP hits. There are 178 hits in the recent logs for that particular string (192.168.100.3:138 > 192.168.100.255:138). Weird.