confused by entry in firewall - am I looking at some kind of malware?

[louise]

Win XP Pro, SP2, NAT router, NOD32 and SuperAntiSpyware

Because Sygate is not maintained or supported, I recently
installed the free copy of PC Tools Firewall Plus - I'm
questioning whether I need a software firewall at all, but I
did.

BTW, first I tried Comodo but it didn't play well with
WinFaxPro and it played very badly with SpamBully which I
use with Microsoft Outlook. In fact, I had to create a new
profile in OUtlook to get out of the mess.

The logs show the following and I don't understand it. I'd
really appreciate it if someone could enlighten me

I find 10 or 15 entries in
about 1 or two minutes which read as follows:

Rule: TCP/UDP: Any other packet
Zone: Internet Zone
Action: blocked
Type: UDP
Additional: Port Dest: 137 Src 137 (some are to 138)

What are these? Is something on my system trying to "dial"
out or are ports 137 and 138 used for specific purposes that
I don't understand.

TIA

Louise

[Andy Walker]

louise wrote:

>I find 10 or 15 entries in
>about 1 or two minutes which read as follows:
>
>Rule: TCP/UDP: Any other packet
>Zone: Internet Zone
>Action: blocked
>Type: UDP
>Additional: Port Dest: 137 Src 137 (some are to 138)
>
>What are these? Is something on my system trying to "dial"
>out or are ports 137 and 138 used for specific purposes that
>I don't understand.

You would normally see a source and destination address in your log,
which will tell you where the blocked traffic is coming from and going
to.

Unless you have a home network setup with more than one computer the
traffic is probably coming from your computer, which may be trying to
communicate its netbios info to other computers. This is normal on a
Microsoft network, but is not a good thing to be broadcasting on the
internet, or on any untrusted private network. You should modify the
properties of your network interface to remove netbios support, or you
can just let your firewall continue to block the traffic.