Port 137,138 and 1088 ???

For general info, there is a slight amount of data over in the alternate thread which is now locked over here:

https://www.wilderssecurity.com/showthread.php?t=31890

There's a lot you need to add in order for people to help with this. On the 1088 traffic, what is the source? Is that also LAN based traffic like the NetBIOS you are seeing, or is it coming in from the Internet? Is it always from the same machine (perhaps a LAN based server)?

To your general question, is this machine literally your private property or is it a business system and you're on a business LAN? The significant difference there is your rights may be very different depending upon the answer. If it's a business system and you block the server traffic that they expect to be going in and out of your system, depending upon company policy, you could be fired for interfering with their network security. (I've seen that happen. It's not a joke.)

Edit: I see you replied just before my post here, but I'll leave it as is anyway and try to answer more in the next post.

 

Beyond the discussion of your rights and machine ownership (please reply with more on those particulars), you could very well risk breaking network policy by altering a machine connected on someone else's network.

The traffic noted could very well be used to determine your network status and if you block it, it may very well show them that your machine if offline from the network. They could also be running various client PC management software that would show such traffic patterns, who can say. If it's like most business LAN environments, then they are running NetBIOS for file and printer sharing, and depending upon client configuration, when they browse the network, your machine will show offline if you don't let that traffic through. Perhaps, perhaps not.

 

Well, viruses spread quickly via email in Businesses for a couple reasons. First, usually people share a common email server in a business which is configured for maximum usability, like for example an Exchange server and users running Outlook as a client on their PCs. Second, because in such environments it is very common for large mail lists (aka. the company's address books) to be used to send all kinds of business related messages to an entire department or company, and unfortunately people too often trust messages from inside and open them without thinking. If it's a virus then usually most of the company gets it.

The email server you connect into there could certainly be a point of entry for malware, but if you are careful, (don't click on attachments you aren't sure about, keep your AV fully updated, etc.) you'll probably be fine.

The NetBIOS traffic on 137-139 is only problematic if your private system is actually configured to use network shares and printers, and especially if your system has a share you allow others to connect into from that LAN. Do you browse LAN based folders there to share spreadsheets and such? Can other people browse them and pull them from your system? If so, then yes you could again be vulnerable. But, if you "don't share" in this way, and MS Networking is not even enabled on your PC, then blocking that traffic will neither change what you have access to nor interfere with their network.

 

The security in email is more in the client application and the user sitting at the keyboard than anywhere else. POP3 can be used very safely, and people still get viruses via Webmail, so there is not really a better way to email. You've shown you know about reading email as plain text and scanning with an AV, so that means you are probably practicing safe computing, which is the biggest issue for most people.

Sharing via FTP is very straight forward and certainly guarantees that things aren't happening automagically in the background, as it often is with NetBIOS in a Microsoft networking environment. If you use no shares and provide none from your system, then you probably can disable NetBIOS on your PC. It sounds like it is your system, and it isn't making use of shares, so it probably won't be a problem to disable it. But, a question. Have you thought about asking about the details of the policies regarding the use of the network? I know sometimes you don't want to ask because you don't want to 'open that box' and draw attention to the issues, but it really is better to know than not know.

Also, when your system was configured to be able to connect to the network, did the network or systems folks there install any products or tools on it? Business owned systems very frequently have management applications installed, so I'm wondering if they added anything on your system which might need to talk across their LAN to specific servers there. It might account for some of the traffic if it turns out to be mgmt tool related.

Oh, and as for whether disabling NetBIOS will stop the traffic... The answer is that it depends. If some of that traffic was your system responding to the various other traffic on the LAN, then disabling it will stop that part of it, but it won't stop the "background noise" of the other PCs NetBIOS traffic. (NetBIOS is very chatty on LANs, so you'll always see that traffic going by.)

Also, it is best not to call the traffic "pings". They are packets of various forms that are communicated on the network. Ping is generally used to refer to a specific type of packet used mainly to determine network path availability and performance levels.