Jetico, System sending datagrams

Discussion in 'other firewalls' started by luvhirez, Sep 4, 2005.

Thread Status:
Not open for further replies.
  1. luvhirez

    luvhirez Registered Member

    Joined:
    May 13, 2005
    Posts:
    87
    Location:
    Melbourne
    Hi
    Jetico has been asking SYSTEM to send datagrams to remote ports 137 and 138 to my own address.
    I've been rejecting these.
    What should I do?
    What rule should I make?
    Any help would be great.

    Cheers
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    This is just NetBIOS. You can disable NetBIOS in Windows and it will stop then. Or you can allow the traffic in Jetico. Either way.
     
  3. luvhirez

    luvhirez Registered Member

    Thanks Kerodo
     
  4. Kerodo

    Kerodo Registered Member

    I should have said that you can also block the traffic in Jetico if you want to. Next time it pops up, just deny it and make it a permanent rule. Depends on whether you need NetBIOS or not. If not, you may just want to disable it in Windows altogether...
     
  5. luvhirez

    luvhirez Registered Member

    What is NetBIOS?
    Do I disable it in services?
    Cheers
     
  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    It will be used when you have file/printer sharing enabled on a home network/LAN and is how the PCs will communicate with each other. Are you behind a router with a LAN? If so, you will likely need to create rules to permit this traffic for the LAN subnet.

    If you are not on a LAN and using file/printer sharing you can go into the properties for your network adapter, select Internet Protocol (TCP/IP) and under the advanced settings you will be able to disable NetBIOS. You can also then go into services, stop and disable the TCP/IP NetBIOS Helper service.

    Regards,

    CrazyM
     
  7. luvhirez

    luvhirez Registered Member

    Thanks guys, that appears to have fixed that pop-up issue.
    I have another question:
    should I let svchost send datagrams to remote port 53?
     
  8. CrazyM

    CrazyM Firewall Expert

    Yes, those will be DNS lookups. You can permit it globally (any remote IP) or determine your ISP's DNS servers (available via ipconfig /all at the command prompt) and permit it outbound to those servers only.

    Regards,

    CrazyM
     
  9. luvhirez

    luvhirez Registered Member

    Hi CrazyM,
    I already have the DNS rules for my primary and secondary DNS servers in the application table and System internet zone,
    so it shouldn't be asking, I guess.
    It has only asked a couple of times.

    So all I can do is just keep rejecting them?

    Cheers
     
  10. CrazyM

    CrazyM Firewall Expert

    Do you have some log entries you could post?
    Have you checked the remote IP to see who it belongs to? My ISP has 4 DNS servers.

    Yes, until you determine if it is legitimate or not.

    Regards,

    CrazyM
     
  11. luvhirez

    luvhirez Registered Member

    211.29.132.12 is the IP address.
    How do I check who that is?

    I really appreciate all your help
    cheers
     
  12. luvhirez

    luvhirez Registered Member

    I've googled an IP resolver;
    this is what it says:

    Search results for: 211.29.132.12



    OrgName: Asia Pacific Network Information Centre
    OrgID: APNIC
    Address: PO Box 2131
    City: Milton
    StateProv: QLD
    PostalCode: 4064
    Country: AU

    ReferralServer: whois://whois.apnic.net

    NetRange: 210.0.0.0 - 211.255.255.255
    CIDR: 210.0.0.0/7
    NetName: APNIC-CIDR-BLK2
    NetHandle: NET-210-0-0-0-1
    Parent:
    NetType: Allocated to APNIC
    NameServer: NS1.APNIC.NET
    NameServer: NS3.APNIC.NET
    NameServer: NS4.APNIC.NET
    NameServer: NS-SEC.RIPE.NET
    NameServer: TINNIE.ARIN.NET
    NameServer: DNS1.TELSTRA.NET
    Comment: This IP address range is not registered in the ARIN database.
    Comment: For details, refer to the APNIC Whois Database via
    Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
    Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
    Comment: for the Asia Pacific region. APNIC does not operate networks
    Comment: using this IP address range and is not able to investigate
    Comment: spam or abuse reports relating to these addresses. For more
    Comment: help, refer to http://www.apnic.net/info/faq/abuse
    Comment:
    RegDate: 1996-07-01
    Updated: 2005-05-20

    OrgTechHandle: AWC12-ARIN
    OrgTechName: APNIC Whois Contact
    OrgTechPhone: +61 7 3858 3100
    OrgTechEmail: search-apnic-not-arin@apnic.net

    # ARIN WHOIS database, last updated 2005-09-04 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.
     
  13. CrazyM

    CrazyM Firewall Expert

    09/05/05 03:34:18 dns 211.29.132.12
    nslookup 211.29.132.12
    Canonical name: dns.syd.optusnet.com.au
    Addresses:
    211.29.132.12

    09/05/05 03:36:52 whois 211.29.132.12@whois.apnic.net

    whois -h whois.apnic.net 211.29.132.12 ...
    % [whois.apnic.net node-2]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    inetnum: 211.28.0.0 - 211.31.255.255
    netname: OPTUSINTERNET-AU
    descr: OPTUS INTERNET - RETAIL
    descr: INTERNET SERVICES
    descr: Chatswood, Sydney
    country: AU
    admin-c: OI3-AP
    tech-c: OI3-AP
    mnt-by: APNIC-HM
    mnt-lower: MAINT-AU-OPTUSINTERNET
    status: ALLOCATED PORTABLE
    remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    remarks: This object can only be updated by APNIC hostmasters.
    remarks: To update this object, please contact APNIC
    remarks: hostmasters and include your organisation's account
    remarks: name in the subject line.
    remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    changed: hm-changed@apnic.net 20040316
    source: APNIC

    role: Optus Internet
    address: Level 3, 11 Help Street
    address: Chatswood, NSW 2067
    country: AU
    phone: +61-2-9027-1127
    fax-no: +61-2-9027-1035
    e-mail: oie-netops@optus.com.au
    trouble: Send spam/abuse reports to abuse@optusnet.com.au
    admin-c: OI1-AP
    tech-c: OI1-AP
    nic-hdl: OI3-AP
    notify: oie-netops@optus.com.au
    mnt-by: MAINT-AU-OPTUSINTERNET
    changed: oie-netops@optus.com.au 20040502
    changed: hm-changed@apnic.net 20041020
    changed: hm-changed@apnic.net 20041020
    source: APNIC

    It appears to be a DNS server, is it associated with your ISP/carrier?

    Regards,

    CrazyM
     
  14. luvhirez

    luvhirez Registered Member

    Yes.
    I am with Optusnet DSL Broadband.
    It has not long been put on,
    but the tech support said the servers were the same o_O

    My other DNS addresses are 203.x 198.x

    I guess there might be another one?

    I guess I should permit these.

    what do you think?

    cheers
     
  15. CrazyM

    CrazyM Firewall Expert

    As I noted above, my ISP has a number of DNS servers and while normal usage will just see the primary and secondary ones being used, occasionally queries will go to the others.

    As the IP does resolve to a DNS server belonging to your ISP you should be fine permitting this and adding the IP to your list of DNS servers.

    Regards,

    CrazyM
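
Added example, not part of the original thread: the check CrazyM does by hand in posts 13 and 15, written in Python and run over abridged copies of the two whois replies quoted above. It shows why the ARIN answer in post 12 settles nothing (it is only a referral to APNIC) while the APNIC answer does; the function names and the `optusnet.com.au` suffix passed in as the ISP domain are assumptions made for this illustration.

```python
import ipaddress
import re

# Abridged excerpts of the two whois replies quoted in the thread.
ARIN_REPLY = """\
OrgName: Asia Pacific Network Information Centre
ReferralServer: whois://whois.apnic.net
NetRange: 210.0.0.0 - 211.255.255.255
NetName: APNIC-CIDR-BLK2
NetType: Allocated to APNIC
"""
APNIC_REPLY = """\
% [whois.apnic.net node-2]
inetnum: 211.28.0.0 - 211.31.255.255
netname: OPTUSINTERNET-AU
descr: OPTUS INTERNET - RETAIL
country: AU
"""

def parse_whois(text):
    """Return lower-cased key -> first value, skipping % and # comment lines."""
    fields = {}
    for line in text.splitlines():
        if not line.strip() or line[0] in "%#" or ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields.setdefault(key.strip().lower(), value.strip())
    return fields

def assess(ip, whois_text, ptr_name, isp_domain):
    """Classify a whois reply for ip as 'referral', 'mismatch' or 'isp-owned'."""
    f = parse_whois(whois_text)
    if "referralserver" in f:
        # Registry-level block only; the real holder is listed at the referred server.
        return ("referral", f["referralserver"])
    rng = f.get("inetnum") or f.get("netrange") or ""
    m = re.fullmatch(r"(\S+)\s*-\s*(\S+)", rng)
    if not m:
        return ("mismatch", "no address range in reply")
    lo, hi = (ipaddress.ip_address(x) for x in m.groups())
    in_range = lo <= ipaddress.ip_address(ip) <= hi
    # isp_domain is an assumed input: the suffix the user expects for their ISP.
    name = ptr_name.rstrip(".").lower()
    ptr_ok = name == isp_domain or name.endswith("." + isp_domain)
    if in_range and ptr_ok:
        return ("isp-owned", f.get("netname", ""))
    return ("mismatch", f"in_range={in_range} ptr_ok={ptr_ok}")
```

The reverse (PTR) name is set by whoever controls the address block, so it only counts as evidence together with the registry range, which is why `assess` requires both before reporting `isp-owned`.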
     
  16. luvhirez

    luvhirez Registered Member

    Cheers

    Thanks again
    CrazyM

    luvhirez
     