Author Topic: Netbios Browsing  (Read 366 times)

Offline BUG_EAF322

  • Gold Member
  • *****
  • Posts: 3153
      • http://bug322.startje.com
Netbios Browsing
« on: July 01, 2004, 03:55:13 PM »
I installed my XP again i have a good virus scanner. (pccillin)
Wich makes a log from attacks on my pc.

I'm getting attacks from this ip adress 83.116.119.103 mostly net bios brwosing

I wanna kick back
what can i do

Offline Rasker

  • Silver Member
  • ****
  • Posts: 1265
Netbios Browsing
« Reply #1 on: July 01, 2004, 05:49:18 PM »
Hopefully you already running a firewall.  Go to Shieldsup (grc.com) and check that your ports show as fully stealthed - this makes your 'puter look like it is off or doesnt exist, and forces the scanner to spend the maximum amount of time on your ip before moving to the next ip.

There are pages to report scanners (I forget which ones - try typing hacker report in browser search bar), also ZoneAlarmPro (free trial) will show where the offending address is physically located (they say)  and SamSpade and other sites will help you locate the abuse authority for this ip's isp so you can lodge a complaint with them.  (Chances are, this computer belongs to some poor schlub who doesnt keep up with windows patches and got it taken over by a trojan, but, you never know, and in any case, some Isp's will shut down the offending addy until they get their problem solved).

Again, everyone should not use Internet explorer browser without using High security settings, we don't know which web sites are still infected.

Offline FOGOLD

  • Silver Member
  • ****
  • Posts: 1886
Netbios Browsing
« Reply #2 on: July 02, 2004, 01:58:52 AM »
I have pc-cillin. Netbios browsing is typical casual automated searching for vulnerable computers. It's "normal" and means your firewall is doing its job.  Also you will get "security rule matched" and "fragmented IGMP". There's loads. Just keep that firewall up!;)

Offline blackfalcon4

  • Nickel Member
  • ***
  • Posts: 405
Netbios Browsing
« Reply #3 on: July 02, 2004, 04:55:04 PM »
If your not using a network, shut off netbios.

Offline BUG_EAF322

  • Gold Member
  • *****
  • Posts: 3153
      • http://bug322.startje.com
Netbios Browsing
« Reply #4 on: July 02, 2004, 05:04:03 PM »
Thanks i went to grc.com it's an awesome site and i closed two more ports

i got me idserve also so i can see who the ip is.

seems indeed pccillin does good work :)

Offline Griego

  • Copper Member
  • **
  • Posts: 223
Netbios Browsing
« Reply #5 on: July 05, 2004, 03:19:40 PM »
Try going to Whois web site and plugging it in to see who It is.:)

Offline Orig

  • Copper Member
  • **
  • Posts: 207
Netbios Browsing
« Reply #6 on: July 07, 2004, 11:37:35 AM »
You can always open up internet explorer and type "file://theipaddressyouwanttolookat" and see if they have anything shared.  One guy who's system had been hijacked and was hitting me repeatedly had a printer shared, so I printed a big "you have a virus on  your system!" message on his printer a few times.  His ip addy dropped off my firewall list shortly thereafter so I guess he got the message.

Offline Manedew

  • Silver Member
  • ****
  • Posts: 1080
Netbios Browsing
« Reply #7 on: July 08, 2004, 01:22:30 PM »
here's a few programs/sites you can use to get a bit more information, if you know how to use em' .....

good simple information tool:
http://www.samspade.org/

sniffer:    http://analyzer.polito.it/install/default.htm

the classic scanner:  http://www.insecure.org/