Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firewall alert


  • Please log in to reply
1 reply to this topic

#1 jakeed

jakeed

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 29 March 2013 - 12:13 PM

Hi all,

 

I'm curious about a firewall alert I had yesterday. System attempted to connect to the internet on port nbname(137). I looked up the IP https://ipdb.at/ip/203.55.18.106 and it is registered in Perth, Australia to a company called MetaTECH. I did a whois for the hostname http://whois.domaintools.com/boutiquewealth.com.au rather than visiting the site and they appear to be financial advisers. I also noticed that the site has no WOT or Avast WebRep rating, I don't know whether that is a good or a bad thing, more likely bad I suppose.

 

I did a bit of Googling as to what nbname is as this is beyond my level of understanding. Apparently NBName is a virus whereas nbname is a legitimate process http://forums.comodo.com/leak-testingattacksvulnerability-research/nbname-port-137-t38043.0.html though I don't see how a company not affiliated with any of the software on my computer can legitimately request an internet connection from my computer?   

 

Anyway, naturally, I blocked this connection attempt but I am very curious as to what this might have been about. Seems pretty dodgy to me. In my naivety it sounds like what may happen if my computer was to be part of a DDoS attack? I am happy to believe this was a harmless occurrence (though don't really see how it can be) but do not know enough about this kind of thing to rule out some nefarious activity. This has happened once before on the same port, but on looking up the IP address it appeared to be registered to Java. I also blocked this connection attempt as I wasn't sure.

 

Anyone know what this could have been about, or had similar experiences?

Any feedback is appreciated.

 

-Paranoid internet user.

 

 



BC AdBot (Login to Remove)

 


#2 zzz7

zzz7

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 29 March 2013 - 03:58 PM

If you're not on a network,you should disable that port and a few others. http://ssj100.fullsubject.com/t181-how-to-disable-ports-135-137-139-445-windows-xp




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users