Author Topic: Netbios Browsing (Read 365 times)

BUG_EAF322 · « **on:** July 01, 2004, 03:55:13 PM »

I installed my XP again i have a good virus scanner. (pccillin)
Wich makes a log from attacks on my pc.

I'm getting attacks from this ip adress 83.116.119.103 mostly net bios brwosing

I wanna kick back
what can i do

Rasker · « **Reply #1 on:** July 01, 2004, 05:49:18 PM »

Hopefully you already running a firewall. Go to Shieldsup (grc.com) and check that your ports show as fully stealthed - this makes your 'puter look like it is off or doesnt exist, and forces the scanner to spend the maximum amount of time on your ip before moving to the next ip.

There are pages to report scanners (I forget which ones - try typing hacker report in browser search bar), also ZoneAlarmPro (free trial) will show where the offending address is physically located (they say) and SamSpade and other sites will help you locate the abuse authority for this ip's isp so you can lodge a complaint with them. (Chances are, this computer belongs to some poor schlub who doesnt keep up with windows patches and got it taken over by a trojan, but, you never know, and in any case, some Isp's will shut down the offending addy until they get their problem solved).

Again, everyone should not use Internet explorer browser without using High security settings, we don't know which web sites are still infected.

FOGOLD · « **Reply #2 on:** July 02, 2004, 01:58:52 AM »

I have pc-cillin. Netbios browsing is typical casual automated searching for vulnerable computers. It's "normal" and means your firewall is doing its job. Also you will get "security rule matched" and "fragmented IGMP". There's loads. Just keep that firewall up!;)

blackfalcon4 · « **Reply #3 on:** July 02, 2004, 04:55:04 PM »

If your not using a network, shut off netbios.

BUG_EAF322 · « **Reply #4 on:** July 02, 2004, 05:04:03 PM »

Thanks i went to grc.com it's an awesome site and i closed two more ports

i got me idserve also so i can see who the ip is.

seems indeed pccillin does good work

Griego · « **Reply #5 on:** July 05, 2004, 03:19:40 PM »

Try going to Whois web site and plugging it in to see who It is.

Orig · « **Reply #6 on:** July 07, 2004, 11:37:35 AM »

You can always open up internet explorer and type "file://theipaddressyouwanttolookat" and see if they have anything shared. One guy who's system had been hijacked and was hitting me repeatedly had a printer shared, so I printed a big "you have a virus on your system!" message on his printer a few times. His ip addy dropped off my firewall list shortly thereafter so I guess he got the message.

Manedew · « **Reply #7 on:** July 08, 2004, 01:22:30 PM »

here's a few programs/sites you can use to get a bit more information, if you know how to use em' .....

good simple information tool:
http://www.samspade.org/

sniffer: http://analyzer.polito.it/install/default.htm

the classic scanner: http://www.insecure.org/