nbname port 137

gleach · April 17, 2009, 5:28pm

hi,
i recived a firewall alert, please see attachment, system is trying to connect to the internet, which cis belives is safe and should be allowed. wikipedia, however, says something entirely different. NBName - Wikipedia

so, is this a legitimate request or a DOS attack?

[attachment deleted by admin]

Bad_Frogger · April 17, 2009, 5:42pm

Hi gleach,

NBName is a virus - nbname is a legitimate process.

google it without the caps.

Later

HeffeD · April 17, 2009, 5:50pm

nbname(137) is the port used for the netbios name service. (nbname) You can see both UDP and TCP traffic on port 137.

As the application trying to access the port is System and not NBName, it’s legitimate.

gleach · April 17, 2009, 6:57pm

i feel a little foolish, apparently im the victim of a typo and my own paranoia, thank you mr frogger and heffeD

Bad_Frogger · April 17, 2009, 7:04pm

NP your welcome.

Fools don’t ask when in doubt.

HeffeD · April 17, 2009, 7:08pm

As Bad Frogger said, it’s never foolish to ask a question when you are unsure of something.

Eloquent · August 6, 2010, 10:58am

:-\ Terrible response. A port scan registered as a System process should be looked at even more suspiciously than any other.
I received this alert from 83. - Poland. Why in the world would I want to allow such traffic?
Consider taking more time to analyze issues in detail.

Bad_Frogger · August 6, 2010, 8:52pm

The thread is over a year old.

Who said anything about a port scan?

Perhaps you could consider more attention also.

Bad

worldwidewiretap · August 1, 2011, 10:31pm

Just to add on this… My CIS will notify me of the same alert (nbnname port 137) also every time I boot up. This port block usually happens on my XP systems when running through networks. I found some interesting information on the subject of this port, along with 138, and 139, which according to the author of the articles I came across, Microsoft uses these ports for “the transport of their existing NetBIOS protocol over IP-based LAN and WAN networks. The horrors of insecurity resulting from Microsoft’s exposure of their NetBIOS protocol to the Internet are legendary.”

From my network configurations, this makes sense, and I prefer to block these ports, only because I do not share anything to or with any pc’s, or phones, or pads, etc… which connect to the network… I simply block the port access upon each boot & I do NOT choose the remember my answer tab in the event I would actually like to share a file or printer with another device connected to the network.

Thats my 2 cents on the issue…

Related Article: GRC | Port Authority, for Internet Port 137