Curious about port 137/nbname


I’ve seen some strange outgoing connections to various ip’s on port 137 (aka nbname according to Comodo)

Here are the alerts for three of them:

The first IP is, according to, from Israel, with no additional information really.

Why would my computer attempt to connect to it?

Another one is
Information from ip-lookup:

OrgName: SAS Institute, Inc.

Why is “System” (what process is this?), trying to connect to some “leader in business analytics”?

Any additional information would be helpful. Do I need to be worried? What are those connections?


While writing, it tried to connect to in Saudi Arabia?!

role: Saudi Telecom Co. Registry Admin-C contact
address: King Fahad Road, Abraj Atta’awuneya(NCCI Building), South Tower, 4th floor, Saudi Net


Thank you

I am kinda having the same issue, so I guess I dont have to create a new thread
The same System tries to connect using port 137 using hte UDP protocol
and the source port being and the destination port being
both the ips belong to china and I am from India.
Neither the source of the destination is my IP, what kinda transfer between 2 IPs from China is
going to use an IP at India???

Here is the firewall log :

Apparently the two of you are directly connected to the web by a modem with no router present.

Do not respond to requests on ports 135-139 as they are for NETBIOS; which is about sharing files over the local network. And since there is no local network you would be sharing with unknown users.

The solution is to set the firewall to stealth settings by choosing “Block all incoming connections and make my ports stealth for everyone” in the Stealth Ports Wizard. That way you won’t get these alerts anymore. They will be discarded by the firewall.

@Eric Hello, Thanks for your response. I already have my ports stealthed…
And for me the solution was to disable NETBIOS as I do not have any other system connected in lan or a printer or other network device to connect to me.
Stealthing the port dint help for me.

@Russiancat Make sure you arent trying to broadcast to the devices on your lan.
If there are no other computers on your lan, I would advise you to disable NETBIOS.
In few cases it can’t be a virus causing this. Those IP would have been the local ip of different devices that you have connected. When you try to look up it will point to random locations.
To make sure thats not the case, check the local IP of different devices connected to your system and ifits to that ip the requests are going. and set the local ip in the range to
and check for the nbdgram. if they also change to 192.168 then you dont have anything to worry about.

If you get the outgoing to the ips you listed even after changing your local ip, then you are having a trojan or some logger. I bet you let windows choose your local ip which is the reason for the issue as there are not many trojans which uses port 137 or 138 and a UDP connection.