Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: firewall blocked attempt on port 139

  1. #11
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    Originally posted here by JAZZMAN
    (Which basically means that it is a illegal connection)......why would connecting through a proxy be illegal?
    It would be illegal if it is a non tax paid connection And basically the whole LAN of my cable service provider is illegal.
    nobody is perfect i am nobody

  2. #12
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    Originally posted here by ByTeWrangler
    Greeting's

    I agree with nihil, they are nothing but probes but anyway if you want to be extra secure you can right click on these ip's (in the logs section of zonealarm firewall) and add them to "untrusted zone" this will help because zonealarm will not let your compuer communicate with that IP address.


    Reply to littlenick's post :

    If you can you should give us atleast detail of port at which these websites were trying to connect too, it might help us get a more precise reply also including you oprating system and the firewall you use should help.
    Well i don't really remember Port numbers(sorry for that).

    What is important to me is why would any web site try to connect to a port number on my PC when that port is not open(infact that site tried to connect to 2 ports both were closed).

    How can a web site that i never visited get my IP address(specially when my LAN is behind a proxy server).
    nobody is perfect i am nobody

  3. #13
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi littlenick,

    If you PM me with the website details I will try to take a (VERY DISCRETE) look. I have the advantage of a number of labrats (test boxes) that I do not care what happens to, as I just blitz a mirror back onto them............you need to do that each time you start a new project, ( to get a level playing field or "sterile environment") so it is no big deal.

    OK.....on to your question: as you are behind a proxy, you should not be sending out your IP address beyond the proxy. So, it seems logical to me that either your IP address was known BEFORE you started using the proxy, or something on your machine is "phoning home".

    There is a vague possibility that a random scan found the proxy and asked for your IP address.........in which case the proxy would forward the packets...........it shouldn't!

    Do you have a fixed IP address and a fixed proxy? if so, then it would be slightly more understandable?

    I would do a full anti-spyware/adware scan (SAFE MODE please ) an online AV scan (PC-Cillin/Panda) and get the free version of ZoneAlarm, and set it to maximum security. I am not saying that ZA is the best firewall by any means, but it is a quick check for stuff trying to connect outwards from your computer. Check your BHOs clear your cookies and cache (don't forget the Java cache) history, temporary files etc. PATCH your OS!!!!!!...........you know the drill?

    This is a VERY simplistic way of looking at it:

    say I am 456.456.456.456 and my proxy is 123.123.123.123.

    I send a message to 666.666.666.666, who thinks that it is 123.123.123.123 talking, and responds accordingly. 123.123.123.123 passes the message on, and it is received by 456.456.456.456.

    In theory, the proxy should not respond to a message it did not initiate so if 666.666.666.666 sends a packet "out of the blue" and says deliver that to 456.456.456.456, it should not respond if it is acting as a true proxy. This might indicate that the proxy is compromised/not working properly or you have "something nasty in the woodpile"

    Good luck


  4. #14
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    Originally posted here by nihil


    If you PM me with the website details I will try to take a (VERY DISCRETE) look. I have the advantage of a number of labrats (test boxes) that I do not care what happens to, as I just blitz a mirror back onto them............you need to do that each time you start a new project, ( to get a level playing field or "sterile environment") so it is no big deal.

    OK.....on to your question: as you are behind a proxy, you should not be sending out your IP address beyond the proxy. So, it seems logical to me that either your IP address was known BEFORE you started using the proxy, or something on your machine is "phoning home".

    There is a vague possibility that a random scan found the proxy and asked for your IP address.........in which case the proxy would forward the packets...........it shouldn't!

    Do you have a fixed IP address and a fixed proxy? if so, then it would be slightly more understandable?

    Well nihil as i said before it is a illegal internet connection has no record and to my understanding has no global ip address(i believe).
    My PC is a part of a LAN and i am not sure how a web site can find out my ip address
    There is some additional information in PM.

    Thanks
    nobody is perfect i am nobody

  5. #15
    Most likely this is just a port scan by a script kiddie who is trying to gather information about your Microsoft machines. If you are not being scanned then you are not connected to the internet! Ports 136 - 139 TCP or UDP are strictly for the good old boys at Microsoft which were used to provide info for a domain controller regarding your windows machines on a windows domain. Obviously this was not a good idea because someone with too much time on their hands has created tools which mine data on those ports for later use. Here is a short list of those ports from the fine folks at IANA. Credit this website with the listing:

    http://www.iana.org/assignments/port-numbers

    profile 136/tcp PROFILE Naming System
    profile 136/udp PROFILE Naming System
    netbios-ns 137/tcp NETBIOS Name Service
    netbios-ns 137/udp NETBIOS Name Service
    netbios-dgm 138/tcp NETBIOS Datagram Service
    netbios-dgm 138/udp NETBIOS Datagram Service
    netbios-ssn 139/tcp NETBIOS Session Service
    netbios-ssn 139/udp NETBIOS Session Service

    I also recommend self scanning to learn a little bit more about what your system is doing. For your microsoft machines use the netstat command. A pretty good tutorial about that is located here:

    http://www.microsoft.com/resources/d...s/netstat.mspx

    This will identify those connections that are just waiting for a script to be thrown there way. I hope that helps....

  6. #16
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    I had the same problem awhile back, in fact it was one the first questions I asked when I joined this site...I was regularly being informed ( about 33 times a day ) by Zone Alarm that NetBios was trying to connect to port 139..and I am on a home comp not on a network....
    then all of a sudden it stopped...and I'm not sure why but it coincidentily stopped about the same time I stopped going to another computer forum I was attending ( that often joked about the fun they had hacking and playing their little practical jokes...I don't think there was any regular member or staff over the age of 22...they had mods as young as 14 ) where I had words with one of their members who is an IT administrator ( age 19 ), and I haven't had the problem since.

  7. #17
    Senior Member
    Join Date
    Dec 2004
    Posts
    320
    Cool, after reading up a little on Zone Alarm (not to mention it was giving me the BSOD about 20 seconds after I logged on) I switched to Sysgate. Hopefully I'll be a little more protected...

    .... Now about the illegit versions of windows and not being able to get a patch... Oh well. I've been meaning to buy it anyway, now I have to...
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •