Jetico, System sending datagrams


luvhirez
September 4th, 2005, 06:43 PM
Hi
Jetico has been asking SYSTEM to send datagrams to remote ports 137 and 138 to my own address.
I've been rejecting these.
What should I do?
What rule should I make?
Any help would be great

Cheers

Kerodo
September 4th, 2005, 08:25 PM
This is just NetBIOS. You can disable NetBIOS in Windows and it will stop then. Or you can allow the traffic in Jetico. Either way.

luvhirez
September 4th, 2005, 08:33 PM
Thanks Kerodo

Kerodo
September 4th, 2005, 08:39 PM
I should have said that you can also block the traffic in Jetico if you want to. Next time it pops up, just deny it and make it a permanent rule. Depends on whether you need Netbios or not. If not, you may just want to disable it in Windows altogether...

luvhirez
September 5th, 2005, 01:25 AM
What is NetBIOS?
Do I disable it in services?
Cheers

CrazyM
September 5th, 2005, 01:53 AM
It will be used when you have file/printer sharing enabled on a home network/LAN and is how the PCs will communicate with each other. Are you behind a router with a LAN? If so, you will likely need to create rules to permit this traffic for the LAN subnet.

If you are not on a LAN and using file/printer sharing you can go into the properties for your network adapter, select Internet Protocol (TCP/IP) and under the advanced settings you will be able to disable NetBIOS. You can also then go into services, stop and disable the TCP/IP NetBIOS Helper service.

Regards,

CrazyM

luvhirez
September 5th, 2005, 04:19 AM
Thanks guys, that appears to have fixed that pop-up issue.
I have another question:
should I let svchost send datagrams to remote port 53?

CrazyM
September 5th, 2005, 04:48 AM
-{ Quote: "I have another question:
should I let svchost send datagrams to remote port 53?" }-
Yes, those will be DNS lookups. You can permit it globally (any remote IP) or determine your ISP's DNS servers (available via ipconfig /all at the command prompt) and permit it outbound to those servers only.

Regards,

CrazyM

luvhirez
September 5th, 2005, 05:19 AM
Hi CrazyM,
I already have the DNS rules for my primary and secondary DNS servers in application table and System internet zone.
So it shouldn't be asking, I guess.
It has only asked a couple of times.

So all I can do is just keep rejecting them?

Cheers

CrazyM
September 5th, 2005, 05:25 AM
-{ Quote: "I already have the DNS rules for my primary and secondary DNS servers in application table and System internet zone.
So it shouldn't be asking, I guess.
It has only asked a couple of times." }-
Do you have some log entries you could post?
Have you checked the remote IP to see who it belongs to? My ISP has 4 DNS servers.

-{ Quote: "So all I can do is just keep rejecting them?" }-
Yes, until you determine if it is legitimate or not.

Regards,

CrazyM

luvhirez
September 5th, 2005, 06:24 AM
211.29.132.12 is the IP address.
How do I check who that is?

I really appreciate all your help
cheers

luvhirez
September 5th, 2005, 06:29 AM
I've googled an IP resolver.
This is what it says:

Search results for: 211.29.132.12



OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net

NetRange: 210.0.0.0 - 211.255.255.255
CIDR: 210.0.0.0/7
NetName: APNIC-CIDR-BLK2
NetHandle: NET-210-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: TINNIE.ARIN.NET
NameServer: DNS1.TELSTRA.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate: 1996-07-01
Updated: 2005-05-20

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: search-apnic-not-arin@apnic.net

# ARIN WHOIS database, last updated 2005-09-04 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

CrazyM
September 5th, 2005, 06:36 AM
09/05/05 03:34:18 dns 211.29.132.12
nslookup 211.29.132.12
Canonical name: dns.syd.optusnet.com.au
Addresses:
211.29.132.12

09/05/05 03:36:52 whois 211.29.132.12@whois.apnic.net

whois -h whois.apnic.net 211.29.132.12 ...
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 211.28.0.0 - 211.31.255.255
netname: OPTUSINTERNET-AU
descr: OPTUS INTERNET - RETAIL
descr: INTERNET SERVICES
descr: Chatswood, Sydney
country: AU
admin-c: OI3-AP
tech-c: OI3-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-AU-OPTUSINTERNET
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20040316
source: APNIC

role: Optus Internet
address: Level 3, 11 Help Street
address: Chatswood, NSW 2067
country: AU
phone: +61-2-9027-1127
fax-no: +61-2-9027-1035
e-mail: oie-netops@optus.com.au
trouble: Send spam/abuse reports to abuse@optusnet.com.au
admin-c: OI1-AP
tech-c: OI1-AP
nic-hdl: OI3-AP
notify: oie-netops@optus.com.au
mnt-by: MAINT-AU-OPTUSINTERNET
changed: oie-netops@optus.com.au 20040502
changed: hm-changed@apnic.net 20041020
changed: hm-changed@apnic.net 20041020
source: APNIC

It appears to be a DNS server, is it associated with your ISP/carrier?

Regards,

CrazyM

luvhirez
September 5th, 2005, 06:38 PM
Yes
I am with Optusnet DSL Broadband.
It has not long been put on.
But the tech support said the servers were the same ???

My other DNS addresses are 203.x 198.x

I guess there might be another one?

I guess I should permit these

What do you think?

cheers

CrazyM
September 5th, 2005, 07:11 PM
-{ Quote: "My other DNS addresses are 203.x 198.x

I guess there might be another one?" }-
As I noted above, my ISP has a number of DNS servers and while normal usage will just see the primary and secondary ones being used, occasionally queries will go to the others.

-{ Quote: "I guess I should permit these

What do you think?" }-
As the IP does resolve to a DNS server belonging to your ISP you should be fine permitting this and adding the IP to your list of DNS servers.

Regards,

CrazyM
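
The check worked through in the posts above (list the DNS servers from ipconfig /all, permit port 53 only to those, and keep rejecting any other resolver until nslookup/whois ties it to the ISP), as an added example that is not part of the original thread. The ipconfig excerpt and the 203.0.113.10 / 198.51.100.10 addresses are constructed placeholders, and `dns_servers` and `review` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt. The DNS addresses are documentation-range
# placeholders, not the poster's real servers (the thread only gives 203.x 198.x).
IPCONFIG_SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.10
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.10
                                            198.51.100.10
        Lease Obtained. . . . . . . . . . : Monday, 5 September 2005 9:00:00 AM
"""

def dns_servers(ipconfig_text):
    """Collect DNS servers, including the unlabeled continuation lines
    ipconfig prints for the second and later servers."""
    servers, in_dns = set(), False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(.*)", line)
        candidate = m.group(1) if m else line
        try:
            addr = ipaddress.ip_address(candidate.strip())
        except ValueError:
            in_dns = False          # any non-address line ends the DNS block
            continue
        if m or in_dns:
            servers.add(addr)
            in_dns = True
    return servers

def review(remote_ip, remote_port, allowed_dns):
    """Classify a firewall prompt for an outbound UDP datagram."""
    if remote_port in (137, 138):
        return "netbios"            # only needed for LAN file/printer sharing
    if remote_port == 53:
        if ipaddress.ip_address(remote_ip) in allowed_dns:
            return "permit"
        return "verify"             # keep rejecting until nslookup/whois ties it to the ISP
    return "other"

if __name__ == "__main__":
    allowed = dns_servers(IPCONFIG_SAMPLE)
    print(review("192.168.1.10", 137, allowed))    # NetBIOS prompt
    print(review("203.0.113.10", 53, allowed))     # listed resolver
    print(review("211.29.132.12", 53, allowed))    # resolver not yet on the list
    allowed.add(ipaddress.ip_address("211.29.132.12"))  # confirmed as the ISP's in the thread
    print(review("211.29.132.12", 53, allowed))
```
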

luvhirez
September 5th, 2005, 07:19 PM
Cheers

Thanks again
CrazyM

luvhirez