Port 137 abomination

[Max2015]

I've recently switched to a new computer, running Windows 11. This is what I've been noticing on the first serious day of use:


Every now and then, the system seems to graciously send out packets to port 137 to external IPs. How is this possible? It makes me feel Windows 7 was more secure. The above example was after I added a custom rule to block this so it's blocked. But before that, it was "allowed", and in return the external IP responded with ICMPv4 "destination unreachable".

[aim4it]

UDP 137 traffic is Windows NetBIOS protocol. It is used for File and Printer sharing. It shouldn't be allowed outside a LAN.  Are you connected to a router or just straight into the ISP's modem?

[Max2015]

I know it's for sharing. That's why I'm asking. I'm behind router/firewall. It seems like it's trying to reach IPs from other activities (browsing etc.).

[C.O.M.O.D.O RT]

I know it's for sharing. That's why I'm asking. I'm behind router/firewall. It seems like it's trying to reach IPs from other activities (browsing etc.).

Hi Max2015,

Thank you for reporting, CIS v12.2.2.8012 is released to be compatible only with win 7, 8 & 10.
However, may i know exactly what you did and what happened?
Are you using CIS/CFW ?

Thanks
C.O.M.O.D.O RT

[Max2015]

Found the culprit. There's an "obscure" setting which I completely forgot about in all these years. I had to disable "NetBIOS over TCP/IP" for the ethernet adapter. It's clean now.
https://www.thewindowsclub.com/enable-or-disable-netbios-over-tcp-ip-on-windows-10