I’m curious about a firewall alert I had yesterday. System attempted to connect to the internet on port nbname(137). I looked up the IP https://ipdb.at/ip/188.8.131.52 and it is registered in Perth, Australia to a company called MetaTECH. I did a whois for the hostname Whois Lookup Captcha rather than visiting the site and they appear to be financial advisers. I also noticed that the site has no WOT or Avast WebRep rating, I don’t know whether that is a good or a bad thing, more likely bad I suppose.
Anyway, naturally, I blocked this connection attempt but I am very curious as to what this might have been about. Seems pretty dodgy to me. In my naivety it sounds like what may happen if my computer was to be part of a DDoS attack? I am happy to believe this was a harmless occurrence but do not know enough about this kind of thing to rule out some nefarious activity. This has happened once before on the same port, but on looking up the IP address it appeared to be registered to Java. I also blocked this attempt as I wasn’t sure.
Anyone know what this could have been about, or had similar experiences?
Any feedback is appreciated.
Just checked the log and it was in fact an inbound connection i think - it was a UDP connection, for the source it says 184.108.40.206 and destination 192.168.1.3 so I guess that makes it inbound? I suppose that would rule out my (super-paranoid) DDoS theory!
I’ve looked in the port forwarding section of my router and no ports are listed there. Wouldn’t it be listed there if it was open, and wouldn’t I have to have opened it? I can’t see any immediately obvious sections on my router settings that would allow me to close ports. Do you know which section I would have to go into to do this?