Jump to content
Posted 29 March 2012 - 22:16
Posted 30 March 2012 - 02:06
Posted 30 March 2012 - 04:04
I run peerblock on my home server to cut down on the spam traffic I get (run my own mail server).
It works well, but I've noticed lately tons of outgoing connections on port 137 (netbios). What's strange though is that none of these connections show up in TCPView or Resource Monitor (win 2k8r2).
I've tried shutting off peerblock, and checking TCPView and RM, but still do not see any outgoing 137 connections, only when PB is up.
The countries listed worry me somewhat (china, iran, saudi arabia, russia, etc) but I've done everything from Malware checks to antivirus scans, nothing comes up.
Google produces no results for the cause of this, so wondering if anyone has any ideas?
Posted 30 March 2012 - 04:29
Posted 30 March 2012 - 12:34
Posted 21 June 2012 - 18:51
Many people claim this program is more trouble than it's worth. But the idea is sound. Would Spam Assassin would be more useful? Many ISPs use it.
I can't see anything that says TCPView monitors NETBIOS (NETBEUI) packets. It only seems to do TCP (and UDP)? Does that mean it only does TCP/IP? I can't tell. I keep NETBEUI disabled on my XP computer. I used to get lots of stray NETBEUI packets from Korea.
A search for
gave me plenty of info.
Some packet monitoring programs only show successful connections, or ones where a packet is returned.
Have you tried WireShark (used to be called Ethereal)?
I guess this is PB trying to link to other PB servers to update its ban lists.
These countries are know for P2P servers as well as spambots.
It might be normal behaviour for PB. Maybe it's just trying to get in touch with other PB computers.