thousands of netbios requests

[Guest]

Archived from groups: comp.security.firewalls (More info?)

I've been using Outpost Pro, and I noticed that my system is producing thousands of NetBIOS requests to assorted TCP/IP addresses which Outpost is blocking. I haven't been able to figure out where the requests are originating from yet. I'm running Windows XP HE, Avast! Antivirus, SpywareBlaster, Spybot S&D, Adaware6, and SpywareGuard. None of these programs is picking up any viruses/Trojans, etc. Any suggestions appreciated.

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

"Lindyhop" <victorsacco_nospamers@highstream.net> wrote in
news:10ear4bm21omg1b@corp.supernews.com:

> I've been using Outpost Pro, and I noticed that my system is producing
> thousands of NetBIOS requests to assorted TCP/IP addresses which
> Outpost is blocking. I haven't been able to figure out where the
> requests are originating from yet. I'm running Windows XP HE, Avast!
> Antivirus, SpywareBlaster, Spybot S&D, Adaware6, and SpywareGuard.
> None of these programs is picking up any viruses/Trojans, etc. Any
> suggestions appreciated.
>

You have got to look for yourself with the tools mentioned in the link
Active Ports and Process Explorer -- good luck.

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and
_Rootkit_Tools_in_a_Windows_Environment.html

Duane

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

How are you getting that line to not wrap? I am using Xnews.

Duane

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

"Lindyhop" <victorsacco_nospamers@highstream.net> wrote in message
news:10ear4bm21omg1b@corp.supernews.com...
I've been using Outpost Pro, and I noticed that my system is producing
thousands of NetBIOS requests to assorted TCP/IP addresses which Outpost
is blocking. I haven't been able to figure out where the requests are
originating from yet. I'm running Windows XP HE, Avast! Antivirus,
SpywareBlaster, Spybot S&D, Adaware6, and SpywareGuard. None of these
programs is picking up any viruses/Trojans, etc. Any suggestions
appreciated.

Though I am not familiar with Outpost Pro, I wonder if it's attempting
to 'learn' additional information about the source IP's? I know from
personal experience with testing the BlackICE Firewall it can be
configured that when a probe is received it will conduct a NetBIOS query
against the source IP to acquire additional information. Is it possible
that Outpost Pro is doing the same?

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

"Don Kelloway" <dkelloway@commodon.com> wrote in message
news:CNUFc.7387$yy1.6009@newsread2.news.atl.earthlink.net...
> "Lindyhop" <victorsacco_nospamers@highstream.net> wrote in message
> news:10ear4bm21omg1b@corp.supernews.com...
> I've been using Outpost Pro, and I noticed that my system is producing
> thousands of NetBIOS requests to assorted TCP/IP addresses which Outpost
> is blocking. I haven't been able to figure out where the requests are
> originating from yet. I'm running Windows XP HE, Avast! Antivirus,
> SpywareBlaster, Spybot S&D, Adaware6, and SpywareGuard. None of these
> programs is picking up any viruses/Trojans, etc. Any suggestions
> appreciated.
>
> Though I am not familiar with Outpost Pro, I wonder if it's attempting
> to 'learn' additional information about the source IP's? I know from
> personal experience with testing the BlackICE Firewall it can be
> configured that when a probe is received it will conduct a NetBIOS query
> against the source IP to acquire additional information. Is it possible
> that Outpost Pro is doing the same?
>
> --
> Best regards, from Don Kelloway of Commodon Communications
> Visit http://www.commodon.com to learn about the "Threats to Your
> Security on the Internet".


Thanks to all for the replys. You may be interested to know that I did
eventually discover a trojan that was the cause of the problem (and was able
to remove it with Avast!). Just goes to show that even with firewall,
anti-virus, and spyblocking software guarding the door stuff can still get
in!


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.721 / Virus Database: 477 - Release Date: 7/16/2004

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

> Thanks to all for the replys. You may be interested to know that I
> did eventually discover a trojan that was the cause of the problem
> (and was able to remove it with Avast!). Just goes to show that even
> with firewall, anti-virus, and spyblocking software guarding the door
> stuff can still get in!
>
>

Malware can circumvent and defeat any application designed to stop it is
the bottom line and one must review what's happening on the machine with
proper tools on a routine basis and not depend upon detection software as
the stop all end all solution and leave it at that.

Duane