Looking at the event log on ZoneAlarm, I found this entry:
QUOTE
Description Packet sent from 172.20.4.53 (TCP Port 57384) to 172.20.4.36 (NetBIOS Session) was blocked
Rating High
Date / Time 2006/07/14 23:30:46-4:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 172.20.4.53:57384
Destination IP 172.20.4.36:139
Direction Incoming
Action Taken Blocked
Count 1
Source DNS
Destination DNS COLOSSUS
The explanation from Zonelabs is:
QUOTE
ZoneAlarm Pro prevented a remote computer from connecting to port 139 on your computer. If you are sharing files on a local network, this connection attempt was probably legitimate network traffic. Port 139 is commonly used by networked Windows computers to enable file sharing and other resource sharing. However, if the traffic that generated this alert came from the Internet rather than a local network, this may have been an attack on your computer.
I'm not sharing files on a local network. Was this an attack?
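The vendor text above turns on whether the source is on the local network or on the Internet. The following is an added example, not part of the original post or of ZoneAlarm: it parses the alert fields quoted above and checks the source address against the RFC 1918 private ranges. The function names and the "same private block" heuristic are assumptions made for illustration.

```python
import ipaddress
import re

# Fields copied from the ZoneAlarm entry quoted in the post.
ALERT = """\
Protocol TCP (flags:S)
Source IP 172.20.4.53:57384
Destination IP 172.20.4.36:139
Direction Incoming
Action Taken Blocked
"""

# RFC 1918 private ranges, which are not routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_alert(text):
    """Extract both endpoints and the TCP flags from an alert body."""
    fields = {}
    for label in ("Source IP", "Destination IP"):
        m = re.search(rf"^{label} (\d+\.\d+\.\d+\.\d+):(\d+)$", text, re.M)
        if not m:
            raise ValueError(f"missing field: {label}")
        fields[label] = (ipaddress.ip_address(m.group(1)), int(m.group(2)))
    flags = re.search(r"^Protocol TCP \(flags:(\w+)\)$", text, re.M)
    fields["flags"] = flags.group(1) if flags else ""
    return fields


def private_block(addr):
    """Return the RFC 1918 network containing addr, or None if public."""
    return next((n for n in RFC1918 if addr in n), None)


def triage(text):
    """Separate local-network from Internet origin, as the vendor text does."""
    f = parse_alert(text)
    (src, _), (dst, dport) = f["Source IP"], f["Destination IP"]
    src_net, dst_net = private_block(src), private_block(dst)
    if src_net is None:
        origin = "internet"
    elif src_net == dst_net:
        # Heuristic: the alert carries no subnet mask, so "same private
        # block" stands in for "same LAN".
        origin = "local-network"
    else:
        origin = "private-other"
    return {"origin": origin, "src": str(src), "dst_port": dport,
            "syn_only": f["flags"] == "S"}
```

For the quoted entry, `triage(ALERT)` reports a SYN-only connection attempt to port 139 from a source in the same private block as the destination.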