nbname and the strange IP

Hi All,

I hope everyone is doing ok.
I got an alert from Comodo today related to nbname, and I got this alert on both of my computers. I first got the alert for ports 137, 138, 50221 and 2869.

The strange thing is the IP addresses. All of the IP addresses belong to the Ministry of Defence, UK.

The records for my computer are as follows:

Application || Action || Protocol || Source IP || Source Port || Target IP || Target Port

System || Blocked || TCP || 25.18.75.220 || 50221 || 25.232.101.81 || 2869

System || Blocked || UDP || 25.18.75.220 || 137 || 25.232.101.81 || 137

System || Blocked || UDP || 25.18.75.220 || 138 || 25.232.101.81 || 138

I am kinda scared and do not know what to do. Any help will be appreciated.

Regards,

Taicho

Both your IP address and the other one belong, according to the online IP address databases, to the IP range owned by the UK Defense Ministry.

This more than likely means that (part of) this range has been sold to other providers of internet services and that the IP address databases have not been updated.

At a more technical level, your logs indicate that your computer connects to the web directly by a modem with no router in between. The traffic at ports 137, 168 and 2869 is NETBIOS traffic; it is meant to look for other computers on the local network to see if there are folders or printers to share. However, when connecting to the web directly (typically a cable connection), the NETBIOS service will probe other users of your ISP instead of the local network.

It is not a thing to directly worry about, as it is the result of improper default network settings; the traffic can be benign as well as malicious.

The best thing is to set the firewall to block all incoming connections without notification. That way you won’t be notified of this traffic. To do this, run the Stealth Ports Wizard and choose option 3 “Block all incoming connections and make my ports stealth for everyone”.
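An added example, not part of the original posts: a small Python triage of the three log records from the question, assuming the `||`-separated layout shown there. The port table and function names are this example's own; it flags local-discovery ports seen on an interface whose source address is not private, the no-router situation the reply describes.

```python
import ipaddress

# Ports Windows uses for local-network discovery and sharing (example's own table).
DISCOVERY_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 2869): "UPnP/SSDP event notification",
}

# The three records from the post, in the same "||"-separated layout.
SAMPLE_LOG = """\
System || Blocked || TCP || 25.18.75.220 || 50221 || 25.232.101.81 || 2869
System || Blocked || UDP || 25.18.75.220 || 137 || 25.232.101.81 || 137
System || Blocked || UDP || 25.18.75.220 || 138 || 25.232.101.81 || 138
"""

def parse_record(line):
    fields = [f.strip() for f in line.split("||")]
    if len(fields) != 7:
        raise ValueError(f"expected 7 fields, got {len(fields)}: {line!r}")
    app, action, proto, src, sport, dst, dport = fields
    return {"app": app, "action": action, "proto": proto.upper(),
            "src": ipaddress.ip_address(src), "sport": int(sport),
            "dst": ipaddress.ip_address(dst), "dport": int(dport)}

def triage(record):
    service = DISCOVERY_PORTS.get((record["proto"], record["dport"]))
    # is_private is True for RFC 1918 and other non-routable ranges.
    exposed = not record["src"].is_private
    if service and exposed:
        verdict = "local discovery traffic on a public-facing interface"
    elif service:
        verdict = "local discovery traffic inside a private network"
    else:
        verdict = "not a discovery port; review separately"
    return {"service": service, "exposed": exposed, "verdict": verdict}

def triage_log(text):
    results = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Application"):
            continue  # skip blank lines and the header row
        rec = parse_record(line)
        results.append((rec, triage(rec)))
    return results

if __name__ == "__main__":
    for rec, t in triage_log(SAMPLE_LOG):
        print(rec["proto"], rec["dst"], rec["dport"], t["service"], "->", t["verdict"])
```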