Need help to ascertain if ip address on port 137 is a risk or not.

Hi there,

I have just cleaned off the Windows Vista Fix malware from my son’s laptop. I have reinstalled the latest Comodo firewall free version and a warning comes up every so often saying:

App: System

Remote: xxx.xxx.x.7 - UDP (I have omitted the actual IP address as I don’t know if it is safe to show that. It is the same as my router except for the 7.)

Port: nbname (137)

The warning says System is a safe application but you are about to receive a connection from another computer.

As I have just got the laptop clean I am very wary of allowing anything that I don’t know is safe.
This could just be one of the other devices on our network but what would it be trying to do?

Our home network has the main wired pc. Through the wired pc I have set the router to allow our 5 laptops, 2 x-boxes and one mobile phone to have access. The router is set to not allow access by other computers.

Can someone explain to me if this is one of our machines or something else trying to connect?

Until I know I can’t make a decision on whether to block or allow and the requests keep coming all the time.

Thanks.

This may help.

Thanks for your very quick reply, Radaghast.

I read the post. It helps me understand somewhat. If I stealth all ports is that good? And if so how do I find where to do that, please?

As you’re part of a LAN, you will undoubtedly want some communication between devices, so the best and easiest option for ‘stealthing’ would be option 1:

“Define a new trusted network and make my ports stealth for everyone else”

This option basically creates two Global rules and two Application rules for the System process. These rules simply allow the complete flow of file and printer sharing traffic, to and from the PC with CIS installed. (see image) When you add the information regarding the network you wish to trust, you can either pick a Network zone - this is usually created automatically when you run CIS for the first time - or you can add the IP address range, such as

192.168.1.1 - 255.255.255.0

Or whatever you’ve chosen for your LAN.

As an additional note, if you need the ability to share such things as using Media Player to stream media, you’ll also need to make some modifications to the application rules for svchost.exe and wmpnetwk.exe, amongst others.

Radaghast,

Thanks for explaining that. I have only just got back to this site to see your reply.

Last night I found out that the xxx.xxx.x.7 is my son’s new laptop. I set it to ‘connect even when the network is not broadcasting’ or words to that effect and it seems to have solved the problem. The event log is empty since that time.

I will try to do as you suggest.

Also, when I re-installed Comodo on the laptop affected by the virus, the one that my son reformatted, a box popped up saying a ‘new private network has been found. Do you want to connect to it?’ I answered no and do not look for new networks because I didn’t know if this was our network or someone else’s.

So how do you know for sure which network Comodo has found?

CIS has to be directly connected to the network for discovery to happen. I’m guessing you’re behind a router of some sort, as the address you’ve indicated is probably 192.168.1.7 (don’t worry, this address type is reserved for private networks and similar ranges are used by millions of others around the world). Devices on the same network have similar addresses, with only the last digit changing.

If you were to change the DHCP options on the router to something like 192.168.15.1 to 192.168.15.10, CIS would see that as a new network. Basically, it just assumes that as you’re connected to the network, you may wish to share resources with others on the same network. Obviously, this is ideal for home networks but not necessarily for public hotspots, hence the option.

OK. I set option 1 on the stealth port wizard.

I chose Local Area Network #1. There was also a choice of ‘loop back zone’. What is that? Do I have to choose that also? I didn’t.

The loopback zone can be used for certain types of application that require ‘internal’ communication, for example Firefox. This zone is actually part of the pre-defined browser rule. Other than that, unless you have specific reason to create rules based around the zone, which is doubtful, you can ignore it.

OK. Well thanks for all your help, Radaghast. I’ve certainly learnt something. Just hope I can remember it!

No worries. Any problems, just come back and ask, someone will help you out.