where is windows connecting to???

Discussion in 'other firewalls' started by LMHmedchem, Jan 7, 2014.

Thread Status:
Not open for further replies.
  1. LMHmedchem

    LMHmedchem Registered Member

    Joined:
    Feb 8, 2012
    Posts:
    28
    Hello,

    I run comodo ISP and I noticed in my active connections log that System[4] has several open connections to two IP addresses,

    192.168.10.255:137
    192.168.56.255:138

    The log lists a small amount of data under bytes out. These IP addresses appear to be on my local net, but I have no devices at these addresses.

    I am looking for information about what is at the other end of this connection. I am not especially worried about it, but I think that it is important to understand the normal functioning of your computer so you can recognize when something is out of the ordinary.

    LMHmedchem
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    It's nothing to worry about. Here's some info on it:

    -http://technet.microsoft.com/en-us/library/cc940063.aspx
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,078
    I totally agree with you. More you know about your system, sooner you will spot something unordinary. As wat0114 said, you should not worry about this connections. If you don't need/want this functionality, you can disable the protocol as described in article.

    Regards, hqsec
     
  4. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    .255 is to broadcast your existence using Netbios.
    Two subnets is atypical at home, though possible, I guess. Do you see this at work or someplace with multiple subnets? Have two routers at home?
     
    Last edited: Jan 8, 2014
  5. LMHmedchem

    LMHmedchem Registered Member

    Joined:
    Feb 8, 2012
    Posts:
    28
    This is at home. My router is a z100g. It has both LAN and WLAN, would this be the reason for two sub nets?

    I thought I had NetBIOS Over TCP/IP disabled but I didn't. I have disabled it and the connections no longer appear. At the moment, system is listening at ports 139 and 445, with svchost listening on 135.

    LMHmedchem
     
  6. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    I'm no expert. I hope somebody can explain it better.
    139 and 445 are for SMB - replacement for or addition to NetBios.
    http://en.wikipedia.org/wiki/Server_Message_Block
    http://support.microsoft.com/kb/204279
    135 described here for instance. Is endpoint mapper.
    http://www.dslreports.com/forum/r7652730-Port-135-is-not-netbios.
    NetBIOS restricted to your own trusted LAN devices is not a security issue.

    192.168.x.x is local, private, stuff
    http://en.wikipedia.org/wiki/Private_network
    http://en.wikipedia.org/wiki/Subnetwork

    Most routers have ethernet, LAN connection - that's the wired part, and WLAN which is the WiFi or radio part.
    Both will be on the same subnet and do all their broadcasting on the last number which is .255.

    What is your IP? use "ipconfig /all" in command window. You'll see all the adapters there. And what is the IP of the router? They have to be on the same subnet as far as I know.
    But maybe that router you have works differently, though I doubt it.

    Is it possible you're seeing or connecting to a neighbor if you use WiFi?
     
Loading...
Thread Status:
Not open for further replies.