OS: WinMe
Kernel32.dll sending packets - pls help
Firewall (Sygate Personal Firewall)

File name – kernel32.dll sending UDP packets via ports 137, 139, 138, with GUI rules (GUI%GUICONFIG#SRULE@NBENABLEYOU#ALLOW-UDP)
As a solution I removed the bios service, but now I am getting UDP packets toward 137, 138, 139, 68 ports.
I tried blocking that rule by doing this:
Rules: (GUI%GUICONFIG#SRULE@NBENABLEYOU#ALLOW-UDP)
Action: block this traffic
Hosts: all
Application: all [Internet Explorer included] - pressing OK 4 saving that.

Result:
First I get this information alert from the firewall [application Win32 kernel core component has been blocked, file name kernel32.dll]

When I run the browser – IE – I get a firewall information alert [application Internet Explorer has been blocked, file name iexplore.exe]
When I checked the running application log:
Application: internet explore.exe
Protocol: udp
Status: listen
Local port: 1149
Remote port: nothing here
IP address: 127.0.0.1->0.0.0.0
Process: 4293025521
Application path: C:\program files\internet explore\IEXPLORE.EXE

Some rules which are recorded in the traffic log:
-------1--------
rule: Block all
application name: nothing here
source port : 68
source IP : 0.0.0.0 (source port and source IP indicate my PC's port and my IP)
destination host : 255.255.255.255
source port : 67
direction: incoming
protocol: udp
action : blocked
-------2-------
rule: allow non-first fragment (1st time seeing this rule since I have been using Sygate firewall)
application name: nothing here
source port : 0
source IP : x.x.x.x (it's not my IP)
destination host : x.x.x.255 (the 1st 3 parts belong to the network that my PC connects to)
source port : 0
direction: incoming
protocol: udp
action : allowed

--------3---------
rule: GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_100
application name: nothing here
source port : 137
source IP : x.x.x.x (IP belongs to the network…etc)
destination host : x.x.x.255 (same IP as in no. (2))
source port : 137
direction: incoming
protocol: udp
action : blocked
When I allow the whole traffic (both incoming\outgoing), one of the rules is:
rule: allow all (I allow it)
application name: C:\windows\system\kernel32.dll
source port : 68
source IP : 0.0.0.0
destination host : 255.255.255.255
destination port : 67
direction: incoming
protocol: udp
action : outgoing
--
I need ur help in:
Is that traffic (UDP packets) normal? (I saw those packets sent by kernel32.dll on many different PCs.)
Blocking kernel32.dll: how?
What if I delete the file kernel32.dll?
What is this rule about (allow non-first fragment)?
IPs (0.0.0.0, 255.255.255.255): when I try to add a rule 4 blocking those IPs, the firewall alerts that they are not correct IPs, so why are they seen in the firewall traffic log?
I copy and paste the rules from the firewall log, avoiding the mistakes.
Sorry 4 the caps and thanx n advance.

coolcamel