I guess the trace to BLACKHOLE-1.IANA.ORG confused me here. For more info on this Check out www.iana.org
I also did a security check (The SYmantec online check) on the assigned IP address, and it passed with colours. I will disable the CLient fir Microsoft Networks and see how it goes, Thanks a lot for your help. Rune ----- Original Message ----- From: "Scott Fendley" <[EMAIL PROTECTED]> To: "Rune Berntzen" <[EMAIL PROTECTED]>; "Security Basics" <[EMAIL PROTECTED]> Sent: Thursday, October 17, 2002 1:04 AM Subject: Re: Listener on ports 137, 138, 139 > I will take a crack at this one. These port numbers are used by > Microsoft's net-bios protocol. This is the protocol that you are using to > map drives between workstations among other uses. > > The address in question is in a reserved address space that the MS TCP/IP > stack uses until a DHCP/bootp response has been received. > > So all of this is normal operating environment on your windows > PC. Personally, if you do not find the need to map drives or browse the > Microsoft Network, I would drop the Client for Microsoft Networks and the > Netbeui/netbios capabilities on your computer. If you must map drives, > then I would set your firewall software to reject netbios traffic except > from a particular IP or IP block. This will minimize your exposure to the > outside world. > > Hopefully, I haven't lost you in my response too much. If you have more > questions about this above, I will try to assist you as much as I can. > > Scott > > At 07:27 PM 10/15/2002 +0200, Rune Berntzen wrote: > >Hi all, > > > >When checking port activity using TCPView I notice that I have a = > >listener on ports 137,138 and 139. > >The Local Address seems to be from a Class B network, 169.254.0.0, = > >which I trace to something called=20 > > > >BLACKHOLE-1.IANA.ORG > > > >using SmartWhois. > > > >The funny thing is that the LISTENING entries are visible in TCPView = > >even before I connect to my ADSL provider. > > > >Anybody has an idea about what this can be. > > > >BTW, I am running Norton Internet Security 2001 with updatet virus = > >definitions. > > > >Thanks in advance, > >Rune > > --- > Scott Fendley [EMAIL PROTECTED] > Systems/Security Analyst (479) 575-2022 > University of Arkansas (479) 575-4753 fax > > >
