PDA

Visualizza versione completa : ahhhhhhhhhhh CHE SIGNIFICA?


Mr.Dirty
03-11-2001, 10.42.32
NAVIGAVO QUA E LA E ALL'IMPROVVISO IL FIREWALL SEGNALA UN ATTACCO, PENSO SIA UNO DI QUEI COOKIE INVADENTI MA.... LA PAGINA CHE VISITAVO STATA RIMANDATA A UNA DI ZONE LABS (USO ZONE ALARM FREE) CON QUESTE INFORMAZIONI, CHE SIGNIFICA?


ZoneAlarm has blocked an inbound communication on NetBIOS port 137 on your computer



--------------------------------------------------------------------------------


The ZoneAlarm firewall has successfully stopped Internet traffic from reaching your computer. No breach in your security has occurred. Your computer is safe.


What happened? Should I be concerned? What should I do? Alert Summary Technical Discussion Related Links


What Happened?
A computer located at IP address 192.168.178.213 tried to access your computer using one of your computer's NetBIOS ports, port 137. NetBIOS is part of Windows, that allows your computer to share files and printers with other computers. ZoneAlarm prevented the computer at 192.168.178.213 from being able to see or access your files or printers, or to know what your computer name is.

Should I be concerned?
NetBIOS is an important part of networking, but is easily used for malicious purposes. ZoneAlarm allows you to easily control who has access to NetBIOS on your computer. Because you are running ZoneAlarm, your NetBIOS ports are hidden from computers on the Internet.

What should I do?
Using passwords to secure your File and Printer Sharing is a basic step in preventing unauthorized browsing, running, or deletion of files from your computer. Because some Windows computers come preconfigured with insecure NetBIOS configurations, it is a very good idea to make sure you have password protection set up on your shares.


Alert Summary

From To
IP Address: 192.168.178.213 IP Address: 151.15.72.xxx
Host Name: Who is this?
ZoneAlarm Pro feature Host Name: Who is this?
ZoneAlarm Pro feature
Port: 137 Port: 137
Program: File Name:







Technical Discussion
Ports 137, 138 and 139 are the three NetBIOS ports on your computer. NetBIOS uses these ports to make your computer's resources available to other computers on the network. But you probably don't want the entire Internet to share yours!

One common reason for receiving this alert from ZoneAlarm is that someone on the Internet is scanning a block of IP addresses looking for computers with open file or printer shares. The fact that someone is running a scan does not mean that you currently have ports or shares open. Nor does it mean that there is any malicious software installed on your computer or that you are being attacked.

However, if you do have any exposed shares on your system, and if they are discovered, someone could exploit that knowledge by stealing information, deleting critical files, or planting malicious files on your system. If ZoneAlarm had not been protecting your machine, an open NetBIOS port could have eventually allowed someone to have access to your private files.

There are legitimate reasons why NetBIOS scans and broadcasts might be sent to your NetBIOS ports. We list some of these reasons below:

Legitimate NetBIOS scans exist. NetBIOS scans are used to identify and catalog specific types of files, like videos or MP3 music files. These types of files are shared and made available over the Internet through NetBIOS technology. NetBIOS scans are required for them to be shared. See the link below for more information about this type of use.
Legitimate NetBIOS broadcasts also exist. Computers on Windows networks periodically broadcast NetBIOS queries to refresh information used for displaying network directories, such as the directories you see displayed in Network Neighborhood. Users of the ZoneAlarm Pro product have the option of suppressing firewall alerts for these legitimate NetBIOS queries.
Legitimate NetBIOS queries are sent to your machine when you attempt to contact another computer. This is the other computer's method of finding out the identity of the computer initiating the contact.
If you try to find out who attempted to communicate with your computer on 137, please save the information from the alert, either by bookmarking this page or by referring to a summary of the alert data which can be maintained by ZoneAlarm in a log file on your computer. If alert logging is enabled, the default location of the alert log file is c:\windows\internet logs\ZAlog.txt or c:\winnt\internet logs\ZAlog.txt, depending on your operating system. Alert logging may be turned on or off on the Alerts panel.

Don't panic! It is very unlikely that you have been singled out for an attack. If you haven't already done so, be sure to check your network configuration for vulnerability to NetBIOS exploitation. ZoneAlarm should be your secondary line of defense against compromise via NetBIOS.


--------------------------------------------------------------------------------

Related Links

Related articles from the Zone Labs Knowledgebase:

NetBIOS Scans used to Catalogue the Internet

twinpigs
03-11-2001, 11.06.05
.,