nbname port 137

[Guest]

[gleach]

hi,
   i recived a firewall alert, please see attachment, system is trying to connect to the internet, which cis belives is safe and should be allowed. wikipedia, however, says something entirely different. http://en.wikipedia.org/wiki/NBName   

so, is this a legitimate request or a DOS attack?

[Bad Frogger]

Hi gleach,

NBName is a virus - nbname is a legitimate process.

google it without the caps.

Later

[HeffeD]

nbname(137) is the port used for the netbios name service. (nbname) You can see both UDP and TCP traffic on port 137.

As the application trying to access the port is System and not NBName, it's legitimate.

[gleach]

i feel a little foolish, apparently im the victim of a typo and my own paranoia, thank you mr frogger and heffeD

[Bad Frogger]

NP your welcome.

Fools don't ask when in doubt.

[HeffeD]

As Bad Frogger said, it's never foolish to ask a question when you are unsure of something.

[Eloquent]

  Terrible response. A port scan registered as a System process should be looked at even more suspiciously than any other.
I received this alert from 83. - Poland. Why in the world would I want to allow such traffic?
Consider taking more time to analyze issues in detail.

[Bad Frogger]

The thread is over a year old.

Who said anything about a port scan?

Perhaps you could consider more attention also.

Bad

[worldwidewiretap]

Just to add on this.. My CIS will notify me of the same alert (nbnname port 137) also every time I boot up.  This port block usually happens on my XP systems when running through networks.  I found some interesting information on the subject of this port, along with 138, and 139, which according to the author of the articles I came across, Microsoft uses these ports for "the transport of their existing NetBIOS protocol over IP-based LAN and WAN networks. The horrors of insecurity resulting from Microsoft's exposure of their NetBIOS protocol to the Internet are legendary."

From my network configurations, this makes sense, and I prefer to block these ports, only because I do not share anything to or with any pc's, or phones, or pads, etc.. which connect to the network.. I simply block the port access upon each boot & I do NOT choose the remember my answer tab in the event I would actually like to share a file or printer with another device connected to the network.

Thats my 2 cents on the issue..

Related Article: http://www.grc.com/port_137.htm

[Tags:]