Couldn't be simpler could it?
#1
Scooby Regular
Thread Starter
Join Date: Dec 2002
Location: Logged Out
Posts: 10,221
Likes: 0
Received 0 Likes
on
0 Posts
Couldn't be simpler could it?
Right, nothing better to do than have a look around my firewall/virus suite to see if anything makes sense. I was surprised to see in my 'Alerts and logs' a great number of high/medium rated firewall 'visits' from what appears to be the same address. I haven't got a clue what the drivel means but maybe someone in here does. The explanation from Zonealarm is at the bottom of this post and I guess it could be the fact somebody on the wireless pc is the cause?
Description Packet sent from 192.168.1.3 (NetBIOS Name) to 192.168.1.2 (NetBIOS Name) was blocked
Rating High
Date / Time 2005/11/20 13:59:00-0:00 GMT
Type Firewall
Protocol UDP
Program
Source IP 192.168.1.3:137
Destination IP 192.168.1.2:137
Direction Incoming
Action Taken Blocked
Count 4
Source DNS
Destination DNS SPOON
Okay, on looking up the ip address I get this lot of waffle!
% Information related to '192.168.0.0 - 192.168.255.255'
inetnum: 192.168.0.0 - 192.168.255.255
netname: IANA-CBLK-RESERVED1
descr: Class C address space for private internets
descr: See http://www.ripe.net/db/rfc1918.html for details
country: EU # Country is really world wide
org: ORG-IANA1-RIPE
admin-c: RFC1918-RIPE
tech-c: RFC1918-RIPE
status: ALLOCATED UNSPECIFIED
remarks: Country is really worldwide
remarks: This network should never be routed outside an enterprise
remarks: See RFC1918 for further information
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: RIPE-NCC-HM-MNT
source: RIPE # Filtered
organisation: ORG-IANA1-RIPE
org-name: Internet Assigned Numbers Authority
org-type: IANA
address: see http://www.iana.org
remarks: The IANA allocates IP addresses and AS number blocks to RIRs
remarks: see http://www.iana.org/ipaddress/ip-addresses.htm
remarks: and http://www.iana.org/assignments/as-numbers
e-mail: bitbucket@ripe.net
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
role: RFC1918 Role
address: Singel 258
address: 1016 AB Amsterdam
address: The Netherlands
e-mail: rfc1918@ripe.net
remarks: trouble: See http://www.ripe.net/db/rfc1918.html
admin-c: RFC1918-RIPE
tech-c: RFC1918-RIPE
nic-hdl: RFC1918-RIPE
mnt-by: RFC1918-MNT
source: RIPE # Filtered
ZoneAlarm Security Suite prevented a remote computer from connecting to port 139 on your computer. If you are sharing files on a local network, this connection attempt was probably legitimate network traffic. Port 139 is commonly used by networked Windows computers to enable file sharing and other resource sharing. However, if the traffic that generated this alert came from the Internet rather than a local network, this may have been attack on your computer.
It all reads like a load of bollócks to me but it made me think enough to post this as I'm sure 95% of people with virus/firewall software haven't got a clue what it does or doesn't.
So, who's the bravest nerd?
Description Packet sent from 192.168.1.3 (NetBIOS Name) to 192.168.1.2 (NetBIOS Name) was blocked
Rating High
Date / Time 2005/11/20 13:59:00-0:00 GMT
Type Firewall
Protocol UDP
Program
Source IP 192.168.1.3:137
Destination IP 192.168.1.2:137
Direction Incoming
Action Taken Blocked
Count 4
Source DNS
Destination DNS SPOON
Okay, on looking up the ip address I get this lot of waffle!
% Information related to '192.168.0.0 - 192.168.255.255'
inetnum: 192.168.0.0 - 192.168.255.255
netname: IANA-CBLK-RESERVED1
descr: Class C address space for private internets
descr: See http://www.ripe.net/db/rfc1918.html for details
country: EU # Country is really world wide
org: ORG-IANA1-RIPE
admin-c: RFC1918-RIPE
tech-c: RFC1918-RIPE
status: ALLOCATED UNSPECIFIED
remarks: Country is really worldwide
remarks: This network should never be routed outside an enterprise
remarks: See RFC1918 for further information
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: RIPE-NCC-HM-MNT
source: RIPE # Filtered
organisation: ORG-IANA1-RIPE
org-name: Internet Assigned Numbers Authority
org-type: IANA
address: see http://www.iana.org
remarks: The IANA allocates IP addresses and AS number blocks to RIRs
remarks: see http://www.iana.org/ipaddress/ip-addresses.htm
remarks: and http://www.iana.org/assignments/as-numbers
e-mail: bitbucket@ripe.net
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
role: RFC1918 Role
address: Singel 258
address: 1016 AB Amsterdam
address: The Netherlands
e-mail: rfc1918@ripe.net
remarks: trouble: See http://www.ripe.net/db/rfc1918.html
admin-c: RFC1918-RIPE
tech-c: RFC1918-RIPE
nic-hdl: RFC1918-RIPE
mnt-by: RFC1918-MNT
source: RIPE # Filtered
ZoneAlarm Security Suite prevented a remote computer from connecting to port 139 on your computer. If you are sharing files on a local network, this connection attempt was probably legitimate network traffic. Port 139 is commonly used by networked Windows computers to enable file sharing and other resource sharing. However, if the traffic that generated this alert came from the Internet rather than a local network, this may have been attack on your computer.
It all reads like a load of bollócks to me but it made me think enough to post this as I'm sure 95% of people with virus/firewall software haven't got a clue what it does or doesn't.
So, who's the bravest nerd?
#2
Scooby Regular
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
looks like traffic on your network, are you using a router with another pc on the network, those IP's are private
havent used zone alarm but i think you can add your LAN as a trusted zone
havent used zone alarm but i think you can add your LAN as a trusted zone
Last edited by mike1210; 20 November 2005 at 05:16 PM.
#3
Scooby Regular
Thread Starter
Join Date: Dec 2002
Location: Logged Out
Posts: 10,221
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by mike1210
looks like traffic on your network, are you using a router with another pc on the network, those IP's are private
You say private? Private to who?
I guess if you aren't in the computer field all day, understanding the waffle completely will never be possible.
None of the info above is open to abuse by putting it here then is it?
Thanks.
#4
Scooby Regular
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
private IP's are only relative to YOUR network, the router has to make them to allow other PC's to communicate on the network. 99% off the time this is 192.168.xxx.xxx.
Every pc that plugs in to the router must have a different IP address which is usally provided by the router
first one gets 192.168.1.1 next pc gets 192.168.1.2 and so on, these addresses can't be seen on the internet they are just to allow communication between your network devices
these alerts on your local network are nothing to worry about (provided you can trust the people on it)
the router should block all of these attacks from computers on the net i.e the ouside world
Every pc that plugs in to the router must have a different IP address which is usally provided by the router
first one gets 192.168.1.1 next pc gets 192.168.1.2 and so on, these addresses can't be seen on the internet they are just to allow communication between your network devices
these alerts on your local network are nothing to worry about (provided you can trust the people on it)
the router should block all of these attacks from computers on the net i.e the ouside world
Last edited by mike1210; 20 November 2005 at 05:32 PM.
Thread
Thread Starter
Forum
Replies
Last Post
Wingnuttzz
Member's Gallery
30
26 April 2022 11:15 PM