I’ve noticed in CIS firewall logs that on my Windows 10 tablet, System is making UDP connections from 10.127.127.1 to 10.127.127.255 (port 138 on both sides) every couple of minutes - even when it’s in sleep & airplane mode. Seems like some sort of network neighborhood broadcast, but the IP of the device is otherwise in 192.168.x.x range.
What service and setting could be responsible for it?
UDP port 138 is NetBIOS over TCP/IP datagram distribution services the IP belongs to the 10.0.0.0/8 RFC 1918 private IP address block. Refer to this microsoft technet article NetBIOS Over TCP/IP | Microsoft Learn which list the ports used by netbios and how to disable the service. You can also set the startup type to disabled for the TCP/IP NetBIOS helper in windows services.
My main “concern” was that it’s in 10.x.x.x range, whereas my IP is in 192.168.x.x range. In the meantime I found an additional network adapter, named like “TAP Windows V9”. It might be related to this - can I disable it? I have no idea who put it there - I presume it’s VPN related, which I don’t use there. (Strange that the VirtualBox installation didn’t add that second adapter, though.)
Yes you can disable the adapter if you are not using a VPN though if you are using one of the paid versions of CIS it may have been from comodo trustconnect that comes with CIS.