Firestarter - lots of activity on ports 138, 137
I'm a home desktop user and know very little about security, but I am on a cable modem connected to a home network four-port router. Everything is on most of the day so I make sure I have a firewall running, even if I don't completely understand it - I am trying to learn though. Anyway, I recently installed Mandrake 10 (a clean install from 9.2) and I activated the basic firewall during the installation procedure. Today, I thought I'd install Firestarter because it has the nifty hit logging function. As soon as I started Firestarter, I got a series of hits:
Time: Aug 13 15:22:36 Source: 192.168.2.10 Destination: 192.168.2.255 In IF: eth0 Out IF: Port: 138 Length: 214 ToS: 0x00 Protocol: udp Service: netbios-dgm
Time: Aug 13 15:22:43 Source: 192.168.2.10 Destination: 192.168.2.255 In IF: eth0 Out IF: Port: 137 Length: 96 ToS: 0x00 Protocol: udp Service: netbios-ns
Time: Aug 13 15:22:49 Source: 192.168.2.10 Destination: 192.168.2.255 In IF: eth0 Out IF: Port: 138 Length: 214 ToS: 0x00 Protocol: udp Service: netbios-dgm
Time: Aug 13 15:24:42 Source: 192.168.2.10 Destination: 192.168.2.255 In IF: eth0 Out IF: Port: 137 Length: 78 ToS: 0x00 Protocol: udp Service: netbios-ns
Time: Aug 13 15:24:47 Source: 192.168.2.10 Destination: 192.168.2.255 In IF: eth0 Out IF: Port: 137 Length: 78 ToS: 0x00 Protocol: udp Service: netbios-ns
Time: Aug 13 15:24:47 Source: 192.168.2.10 Destination: 192.168.2.255 In IF: eth0 Out IF: Port: 138 Length: 202 ToS: 0x00 Protocol: udp Service: netbios-dgm
It went on like this for about 15 minutes then I got tired of looking at it and set a rule to block and stop logging port. Anyone know what all this activity is about?