I’m curious about a firewall alert I had yesterday. System attempted to connect to the internet on port nbname(137). I looked up the IP https://ipdb.at/ip/203.55.18.106 and it is registered in Perth, Australia to a company called MetaTECH. I did a whois for the hostname Whois Lookup Captcha rather than visiting the site and they appear to be financial advisers. I also noticed that the site has no WOT or Avast WebRep rating, I don’t know whether that is a good or a bad thing, more likely bad I suppose.
I did a bit of Googling as to what nbname is as this is beyond my level of understanding. Apparently NBName is a virus whereas nbname is a legitimate process https://forums.comodo.com/leak-testingattacksvulnerability-research/nbname-port-137-t38043.0.html though I don’t see how a company not affiliated with any of the software on my computer can legitimately request an internet connection from my computer?
Anyway, naturally, I blocked this connection attempt but I am very curious as to what this might have been about. Seems pretty dodgy to me. In my naivety it sounds like what may happen if my computer was to be part of a DDoS attack? I am happy to believe this was a harmless occurrence but do not know enough about this kind of thing to rule out some nefarious activity. This has happened once before on the same port, but on looking up the IP address it appeared to be registered to Java. I also blocked this attempt as I wasn’t sure.
Anyone know what this could have been about, or had similar experiences?
Any feedback is appreciated.
Just checked the log and it was in fact an inbound connection i think - it was a UDP connection, for the source it says 203.55.18.106 and destination 192.168.1.3 so I guess that makes it inbound? I suppose that would rule out my (super-paranoid) DDoS theory!
I’ve looked in the port forwarding section of my router and no ports are listed there. Wouldn’t it be listed there if it was open, and wouldn’t I have to have opened it? I can’t see any immediately obvious sections on my router settings that would allow me to close ports. Do you know which section I would have to go into to do this?
There are two things that can explain the alert you got.
The first one is that your computer is in Demilitarised Zone (DMZ). In DMZ your computer is set outside the router/firewall zone and is directly connected to the web.
Or more likely is that the ports are opened by an application that used the Universal Plug and Play framework that did not close it.