What exactly is nbname and nbdgram?

Help for v2
1

ate/Time :2007-06-09 07:59:36
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.104, Port = nbname(137))
Protocol: UDP Incoming
Source: 192.168.1.104:nbname(137)
Destination: 192.168.1.255:nbname(137)
Reason: Network Control Rule ID = 5

Date/Time :2007-06-09 07:59:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.100, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 192.168.1.100:nbdgram(138)
Destination: 192.168.1.255:nbdgram(138)
Reason: Network Control Rule ID = 5

Date/Time :2007-06-09 07:57:11
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.104, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 192.168.1.104:nbdgram(138)
Destination: 192.168.1.255:nbdgram(138)
Reason: Network Control Rule ID = 5

Date/Time :2007-06-09 07:54:01
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.104, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 192.168.1.104:nbdgram(138)
Destination: 192.168.1.255:nbdgram(138)
Reason: Network Control Rule ID = 5

Date/Time :2007-06-09 07:47:36
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.104, Port = nbname(137))
Protocol: UDP Incoming
Source: 192.168.1.104:nbname(137)
Destination: 192.168.1.255:nbname(137)
Reason: Network Control Rule ID = 5

These have been popping up every few minutes or so. I have a few hundred in my log just from the past two days.

What is nbname and nbdgram? Are they really a threat and how do I stop them?

2

Hi nullbyte, welcome to the forums.

NetBIOS over TCP/IP uses broadcasts for name resolution and registration on your LAN (UDP ports 137 and 138). This is what these CFP Log alerts are & you probably don’t use NetBIOS (not many do). Are you on a LAN with other PCs or router with its own LAN IP? Have you defined a Trusted Zone win CFP?

3

I’m on a router with two other computers.
What exactly is a trusted zone? I’ve seen the term thrown around these forums, but i have no idea what it is.

4

OK, a Trusted Zone (Advanced - Tasks) contains the LAN IPs of other PCs on the LAN (that you trust) & your router’s LAN IP (if it has one). The idea being that CFP shouldn’t interferer with the trusted LAN traffic. The router’s IP is included because the Net traffic that router delivers does not come from its LAN IP, but the original Net IP. Routers are often controlled/interrogated/maintained by their LAN IP.

There’s loads more detailed information on all this in the topic…

[url=https://forums.comodo.com/index.php/topic,1125.0.html]How To - Understanding & Creating Network Control Rules properly[/url].

Hope this helps.

PS If you’re not using NetBIOS, then I recommend you disable/remove it (XP networking configuration, nothing to do with CFP).