freakygod
asked on
Nbname and Nbdgram are Detected by Firewall
Hi experts,
My firewall logs show connection attempts named nbname(137) and nbdgram(138) almost every minute from the local LAN network.
As I researched some information about them, I have realized that they are not look good.
The nbname is meant to stop someone from joining the network, isn't it? And the nbdgram is to broadcast datagrams, according to this page. http://www.mycplus.com/out.asp?CID=1&SCID=186
I have two PCs and one file server in the same network. The file server is the one sending the nbname packets to everywhere. And the both pcs seems to be infected with the nbdgram since both pcs' firewall logs indicate each of their connection blocks with the name of nbdgram(138).
My question is, how can I remove them? I tried to search entire harddisks by the keywords of nbname and nbdfram, but with no luck I wasn't able to detect any files.
I need you experts help. Thanks in advance.
My firewall logs show connection attempts named nbname(137) and nbdgram(138) almost every minute from the local LAN network.
As I researched some information about them, I have realized that they are not look good.
The nbname is meant to stop someone from joining the network, isn't it? And the nbdgram is to broadcast datagrams, according to this page. http://www.mycplus.com/out.asp?CID=1&SCID=186
I have two PCs and one file server in the same network. The file server is the one sending the nbname packets to everywhere. And the both pcs seems to be infected with the nbdgram since both pcs' firewall logs indicate each of their connection blocks with the name of nbdgram(138).
My question is, how can I remove them? I tried to search entire harddisks by the keywords of nbname and nbdfram, but with no luck I wasn't able to detect any files.
I need you experts help. Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You deactivated Windows networking by stop 135 and 445, so you cannot accomplish both tasks--stop the packets while still allowing WINDOWS browsing.
The activity that you are seeing on the intranet port of your firewall is NORMAL behavior in a Windows network.
Disable this type of logging on your intranet or simply disregard it.
The activity that you are seeing on the intranet port of your firewall is NORMAL behavior in a Windows network.
Disable this type of logging on your intranet or simply disregard it.
ASKER
Thanks for your comment Phil,
My laptop shares networks with other people. This packet sending activity just tells others that I'm here. Is it smart to do?
It would be greatly appreciated if this could be accomplished.
My laptop shares networks with other people. This packet sending activity just tells others that I'm here. Is it smart to do?
It would be greatly appreciated if this could be accomplished.
"This packet sending activity just tells others that I'm here. Is it smart to do?"
This is how Microsoft networking works.
Is it smart to do is debateable.
The best way to deactivate it while allowing MS Networking is to run a personal firewall (better than Windows Firewall) that blocks both ingress and egress traffic.
By customizing ingress and egress traffic, you can put specific firewall rules on your system to allow it to talk MS networking to specific other systems.
It slightly breaks MS networking, but it provides a level of security than the default wide-open MS networking posture.
This is how Microsoft networking works.
Is it smart to do is debateable.
The best way to deactivate it while allowing MS Networking is to run a personal firewall (better than Windows Firewall) that blocks both ingress and egress traffic.
By customizing ingress and egress traffic, you can put specific firewall rules on your system to allow it to talk MS networking to specific other systems.
It slightly breaks MS networking, but it provides a level of security than the default wide-open MS networking posture.
Forced accept.
Computer101
EE Admin
Computer101
EE Admin
ASKER
I'm so relieved now. But the articles don't tell how to stop each machine's sending the packets. Do I need to terminate the service or close the ports?
I just closed the port 135 and 445 on one pic and it started not to send tha packets. However, now I cannot browse networks. If I type "\\computernameORip", I get an error, "Windows canot find....."
So how do I stop the packets but keep the network browsing?