Firewall log that caught my attention
So, it was a normal night, I was chillin online doing my thing. Then I started looking at my firewall logs and found that every time I log on to AOL Instant Messenger, I can see my firewall block NETBIOS traffic to an AIM address. Why on earth is AOL attempting a Netbios connection? Check it out for yourself...anybody know what's up with that?
Block NetBIOS Traffic *NetBIOS 64.12.26.41 NETBIOS_NS Outbound UDP
Re: Firewall log that caught my attention
Quote:
Originally posted here by Dr Toker
So, it was a normal night, I was chillin online doing my thing. Then I started looking at my firewall logs and found that every time I log on to AOL Instant Messenger, I can see my firewall block NETBIOS traffic to an AIM address. Why on earth is AOL attempting a Netbios connection? Check it out for yourself...anybody know what's up with that?
Block NetBIOS Traffic *NetBIOS 64.12.26.41 NETBIOS_NS Outbound UDP
The key here is this: NETBIOS_NS
Your system is essentially trying to use netbios to resolve names. This is default Windows behaviour (especially Win2k/XP) and unless you disable netbios over tcp/ip and unbind the netbios services (which will kill microsoft network), there really isn't any way to stop this. Essentially Windows uses the netbios name service as a fallback to DNS (considering that M$ now calls bind 'legacy DNS', that should be a rough approximation of how they do things... :rolleyes: ). It usually will not resort to netbios unless it is either a last effort to resolve the name, part of microsoft networking, or specifically built into the product you are using (in this case AOL instant messenger, webtrends is another program that does this).
My guess is it is built into it to check netbios names...
Regardless, I wouldn't worry about it too much.
/nebulus
EDIT:
Quote:
It could be that the messenger program is trying to send info out on that port, and seeing that it is a netbios port usually, the scanner thought that this traffic was actually netbios traffic?
I find the chances of this to be almost 0%, even though possible. AOL to my knowledge doesn't use UDP datagrams in that fashion, but rather uses TCP. On top of that, picking port 137 would be very ill-advised in that many locations prevent that port from being used from outside of their internal networks. While possible, I think it is much more plausible that the program is simply trying to resolve a name...
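To check what a blocked UDP/137 packet like the one in this thread is actually asking for, the following added example (not code from any poster in the thread) decodes the question section of a NetBIOS name service query as laid out in RFC 1002. The function names and the sample packet are constructed for this example, and it assumes a single question with no NetBIOS scope ID.

```python
import struct

QTYPES = {0x0020: "NB (name query)", 0x0021: "NBSTAT (node status query)"}

def decode_nb_name(encoded):
    """Undo RFC 1002 first-level encoding: every name byte is sent as two
    letters 'A'..'P', one per nibble. Returns (name, suffix byte)."""
    if len(encoded) != 32:
        raise ValueError("encoded NetBIOS name must be 32 bytes")
    raw = bytearray()
    for i in range(0, 32, 2):
        hi, lo = encoded[i] - 0x41, encoded[i + 1] - 0x41
        if not (0 <= hi <= 15 and 0 <= lo <= 15):
            raise ValueError("byte outside the 'A'..'P' alphabet")
        raw.append((hi << 4) | lo)
    # Bytes 0-14 are the space- or NUL-padded name, byte 15 is the service suffix.
    return raw[:15].rstrip(b" \x00").decode("ascii", "replace"), raw[15]

def parse_nbns_query(payload):
    """Parse the UDP payload of a single-question NBNS query without a scope ID."""
    if len(payload) < 50:
        raise ValueError("too short for header plus one question")
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000:
        raise ValueError("this is a response, not a query")
    if qdcount != 1 or payload[12] != 0x20 or payload[45] != 0x00:
        raise ValueError("unsupported question layout")
    name, suffix = decode_nb_name(payload[13:45])
    qtype, _qclass = struct.unpack("!HH", payload[46:50])
    return {
        "txid": txid,
        "broadcast": bool(flags & 0x0010),
        "name": name,
        "suffix": suffix,
        "qtype": QTYPES.get(qtype, hex(qtype)),
    }

# Constructed sample (not captured from the thread): a node status query for
# the wildcard name "*", which encodes to "CK" followed by thirty "A"s.
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x0000, 1, 0, 0, 0)
          + b"\x20" + b"CK" + b"A" * 30 + b"\x00"
          + struct.pack("!HH", 0x0021, 0x0001))

if __name__ == "__main__":
    print(parse_nbns_query(SAMPLE))
```

A decoded name of `*` with type NBSTAT is an adapter status request addressed to the destination host itself, while type NB carries the specific name being looked up.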