Author Topic: Port 137 abomination  (Read 283 times)

Offline Max2015

  • Comodo Loves me
  • ****
  • Posts: 112
Port 137 abomination
« on: February 20, 2022, 01:11:16 PM »
I've recently switched to a new computer, running Windows 11. This is what I've been noticing on the first serious day of use:


Every now and then, the system seems to graciously send out packets to port 137 to external IPs. How is this possible? It makes me feel Windows 7 was more secure. The above example was after I added a custom rule to block this so it's blocked. But before that, it was "allowed", and in return the external IP responded with ICMPv4 "destination unreachable".

Offline aim4it

  • Comodo's Hero
  • *****
  • Posts: 597
Re: Port 137 abomination
« Reply #1 on: February 20, 2022, 03:50:37 PM »
UDP 137 traffic is Windows NetBIOS protocol. It is used for File and Printer sharing. It shouldn't be allowed outside a LAN.  Are you connected to a router or just straight into the ISP's modem?

Offline Max2015

  • Comodo Loves me
  • ****
  • Posts: 112
Re: Port 137 abomination
« Reply #2 on: February 20, 2022, 03:53:35 PM »
I know it's for sharing. That's why I'm asking. I'm behind router/firewall. It seems like it's trying to reach IPs from other activities (browsing etc.).

Offline C.O.M.O.D.O RT

  • Comodo Staff
  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 855
Re: Port 137 abomination
« Reply #3 on: February 21, 2022, 03:20:30 AM »
I know it's for sharing. That's why I'm asking. I'm behind router/firewall. It seems like it's trying to reach IPs from other activities (browsing etc.).
Hi Max2015,

Thank you for reporting, CIS v12.2.2.8012 is released to be compatible only with win 7, 8 & 10.
However, may i know exactly what you did and what happened?
Are you using CIS/CFW ?

Thanks
C.O.M.O.D.O RT

Offline Max2015

  • Comodo Loves me
  • ****
  • Posts: 112
Re: Port 137 abomination
« Reply #4 on: February 21, 2022, 10:48:00 AM »
Found the culprit. There's an "obscure" setting which I completely forgot about in all these years. I had to disable "NetBIOS over TCP/IP" for the ethernet adapter. It's clean now.
https://www.thewindowsclub.com/enable-or-disable-netbios-over-tcp-ip-on-windows-10

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek