NetBIOS attacks
Thread Starter
Join Date: Jun 2000
Location: somewhere near you
Posts: 88
Likes: 0
Received 0 Likes
on
0 Posts
NetBIOS attacks
I have ZoneAlarm, and I keep getting messages saying this
The firewall has blocked Internet access to your computer (NetBIOS Name) from 24.46.27.205 (UDP Port 1030).
or
The firewall has blocked Internet access to your computer (NetBIOS Name) from 81.4.2.22 (UDP Port 1026).
for example. The IP address varies. I get about 1 a minute. The UDP Port it mentions is usaully between 1025 and 1035, but sometimes its bigger. I click on more info, which takes me to a Zone Alarm page, which says some tried to access port 137. It then mentions something about network traffic. But I'm not on a network at the moment... I am quite a lot of the time, but it happens when I'm not on it????? I have windows 2k.
I read a bit somewhere else saying that it might be a worm scanning your ports. It is quite common apparently. Does this sound like it? Bearing in mind I have to access a network, I can't get rid of all my NetBIOS things, so what should I do? Or is it fine as it is?
I might just be being paranoid, but I'd thought I'd check.
Thanks
Rob
The firewall has blocked Internet access to your computer (NetBIOS Name) from 24.46.27.205 (UDP Port 1030).
or
The firewall has blocked Internet access to your computer (NetBIOS Name) from 81.4.2.22 (UDP Port 1026).
for example. The IP address varies. I get about 1 a minute. The UDP Port it mentions is usaully between 1025 and 1035, but sometimes its bigger. I click on more info, which takes me to a Zone Alarm page, which says some tried to access port 137. It then mentions something about network traffic. But I'm not on a network at the moment... I am quite a lot of the time, but it happens when I'm not on it????? I have windows 2k.
I read a bit somewhere else saying that it might be a worm scanning your ports. It is quite common apparently. Does this sound like it? Bearing in mind I have to access a network, I can't get rid of all my NetBIOS things, so what should I do? Or is it fine as it is?
I might just be being paranoid, but I'd thought I'd check.
Thanks
Rob
Join Date: Mar 2001
Location: Wet Coast
Posts: 2,335
Likes: 0
Received 0 Likes
on
0 Posts
In that case, it does sound like a probe, Optimum is the server owning one of the IPs you quoted. ZoneAlarm is doing its job it seems. Suggest you note the IPs, look them up and contact their abuse people. They might be able to identify the user.
Join Date: Nov 1999
Location: hoschton, GA, USA
Posts: 147
Likes: 0
Received 0 Likes
on
0 Posts
I use ZoneAlarm myself, the freebie not the Pro Edition.
To track down the probes, try:
http://www.arin.net/whois/
I think the Pro Edition does this for you.
Because accidentaly hitting the wrong URL or using certain keywords in emails can trigger an intercept by the US Goverment, I reccomend using the above link and using the Freedom Of Information Act (United States only) to find out what incorrect data they have on you.
Trust me, they have data on you. They just may not be using it yet.
To track down the probes, try:
http://www.arin.net/whois/
I think the Pro Edition does this for you.
Because accidentaly hitting the wrong URL or using certain keywords in emails can trigger an intercept by the US Goverment, I reccomend using the above link and using the Freedom Of Information Act (United States only) to find out what incorrect data they have on you.
Trust me, they have data on you. They just may not be using it yet.