March 11th, 2003, 07:23 AM
What does this mean?
I was looking at a pop up on ZA. It said ZA was blocking something called NET BIOS from 18.104.22.168 UDP Port 1028. I do understand that ZA block something and showed me this info with a red pop up. What does the rest mean? Thanks.
March 11th, 2003, 08:07 AM
Net bios is nothing to worry about unless its open and waiting for intrusions. Basicly zone alarm is telling you that its trying to stop access to that port. Checkout that IP it might have been a attemped breakin.
March 11th, 2003, 02:51 PM
although i didn't see anything about port 1028- although take the specialists advice... see what you can get from that ip?
The NetBIOS Name Server (NBNS) protocol, part of the NetBIOS over TCP/IP (NBT) family of protocols, is implemented in Windows systems as the Windows Internet Name Service (WINS). By design, NBNS allows network peers to assist in managing name conflicts. Also by design, it is an unauthenticated protocol and therefore subject to spoofing. A malicious user could misuse the Name Conflict and Name Release mechanisms to cause another machine to conclude that its name was in conflict. Depending on the scenario, the machine would as a result either be unable to register a name on the network, or would relinquish a name it already had registered. The result in either case would be the same – the machine would not respond requests sent to the conflicted name anymore.
If normal security practices have been followed, and port 137 UDP has been blocked at the firewall, external attacks would not be possible. A patch is available that changes the behavior of Windows systems in order to give administrators additional flexibility in managing their networks. The patch allows administrators to configure a machine to only accept a name conflict datagram in direct response to a name registration attempt, and to configure machines to reject all name release datagrams. This will reduce but not eliminate the threat of spoofing. Customers needing additional protection may wish to consider using IPSec in Windows 2000 to authenticate all sessions on ports 137-139.
61-217-4-49.HINET-IP.hinet.net (22.214.171.124) is located in Milton, Australia.
yeah, I\'m gonna need that by friday...
March 11th, 2003, 03:10 PM
It could mean nothing then again it could mean a trojan program is on your sys....check out googly and see what it says.....
One interesting trojans page, with ports related to each of them
March 13th, 2003, 11:22 PM
Sorry it's taken a little time to respond, I've been worken. Thanks. I'll follow up on the advise.