What does this mean?
Results 1 to 5 of 5

Thread: What does this mean?

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    180

    Question What does this mean?

    Hello,
    I was looking at a pop up on ZA. It said ZA was blocking something called NET BIOS from 61.217.4.49 UDP Port 1028. I do understand that ZA block something and showed me this info with a red pop up. What does the rest mean? Thanks.

    Freddy
    cybnut

  2. #2
    Banned
    Join Date
    Jul 2002
    Posts
    877
    Net bios is nothing to worry about unless its open and waiting for intrusions. Basicly zone alarm is telling you that its trying to stop access to that port. Checkout that IP it might have been a attemped breakin.

  3. #3
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    from Microsoft>
    The NetBIOS Name Server (NBNS) protocol, part of the NetBIOS over TCP/IP (NBT) family of protocols, is implemented in Windows systems as the Windows Internet Name Service (WINS). By design, NBNS allows network peers to assist in managing name conflicts. Also by design, it is an unauthenticated protocol and therefore subject to spoofing. A malicious user could misuse the Name Conflict and Name Release mechanisms to cause another machine to conclude that its name was in conflict. Depending on the scenario, the machine would as a result either be unable to register a name on the network, or would relinquish a name it already had registered. The result in either case would be the same the machine would not respond requests sent to the conflicted name anymore.

    If normal security practices have been followed, and port 137 UDP has been blocked at the firewall, external attacks would not be possible. A patch is available that changes the behavior of Windows systems in order to give administrators additional flexibility in managing their networks. The patch allows administrators to configure a machine to only accept a name conflict datagram in direct response to a name registration attempt, and to configure machines to reject all name release datagrams. This will reduce but not eliminate the threat of spoofing. Customers needing additional protection may wish to consider using IPSec in Windows 2000 to authenticate all sessions on ports 137-139.
    although i didn't see anything about port 1028- although take the specialists advice... see what you can get from that ip?

    /edit
    61-217-4-49.HINET-IP.hinet.net (61.217.4.49) is located in Milton, Australia.
    yeah, I\'m gonna need that by friday...

  4. #4
    Member
    Join Date
    Mar 2003
    Posts
    99
    It could mean nothing then again it could mean a trojan program is on your sys....check out googly and see what it says.....

    One interesting trojans page, with ports related to each of them
    http://www.simovits.com/sve/nyhetsar...heter9902.html

  5. #5
    Senior Member
    Join Date
    Dec 2002
    Posts
    180
    Sorry it's taken a little time to respond, I've been worken. Thanks. I'll follow up on the advise.

    Freddy
    cybnut

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •