# Question - Router and Firewall - Incoming 'Attack'?



## dirtylcd (Oct 1, 2009)

Hi guys,

A question. My modem is linked to a wireless router. This wireless router is lnked to my PC through ethernet. I have a firewall which alerts me to inbound.

My firewall alerted me to about 5 attempts for 169.254.255.255 Port 137 trying to connect to 'System' over UDP protocol.

Question is, could that be legitimate? Does my router block bad incoming itself? Also, Is it benificial or not to leave the Windows XP Firewall opn at the same time as my third party firewall?

Thanks for any help.

Here are more pasted details.

Network Event Information
Rule ID 10 
Rule Scope 2 -- Not Trusted Inbound 
Direction 1 -- Inbound 
Adapter ID 00000000FC6BFD5AC9011E1AD4586F234C777890 
Local Address 169.254.***.*** (starred it out, not sure iof thats necessary but yeah.)
Remote Address 169.254.99.81 
Protocol 17 -- UDP 
Local Port 137 
Remote Port 137 
Process ID 4 
Application System 
Is the RuleData field set? Yes 
Rule Type 0 -- Network Rule 



Network Rule Information
Network Rule ID 10 
Name NETBIOS 
Description Microsoft File and Printer Sharing 
Trusted Inbound Action 0 -- Allow 
Trusted Outbound Action 0 -- Allow 
Not Trusted Inbound Action 4 -- Prompt 
Not Trusted Outbound Action 0 -- Allow 
User Created No 
Client Rule Data 2 -- Network


----------



## dlbrody (Mar 31, 2010)

I would not worry about it...especially since that IP address listed is not a standard internet address.


Port 137 netbios-ns

NetBIOS name service (UDP)

firewalls: Firewall administrators will frequently see large numbers of incoming packets to port 137. This is due to the behavior of Windows servers that use NetBIOS (as well as DNS) to resolve IP addresses to names using the "gethostbyaddr()" function. As users behind the firewalls surf Windows-based web sites, those servers will frequently respond with NetBIOS lookups.


----------



## dlbrody (Mar 31, 2010)

Addresses in the range 169.254.0.0 to 169.254.255.255 are used automatically by some PCs and Macs when they are configured to use IP, do not have a static IP Address assigned, and are unable to obtain an IP address using DHCP.


----------

