1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Could you tell me what these annoying firewall logs are?

Discussion in 'Networks & Internet Connectivity' started by GSDog, 3 Aug 2006.

  1. GSDog

    Soldato

    Joined: 12 Jun 2004

    Posts: 5,463

    Location: Surrey

    Hi all.

    I have been getting some very annoying problems from 'matica.hr' in my peerguardian log. I have a router and a software firewall, but I use peerguardian just for extra protection but for some reason this very annoying 'matica.hr' keeps trying to connect.

    Screenshot:

    [​IMG]

    It seems to happen when ever I turn my PC on, or do something like check my emails etc. Any ideas why this is happening?
     
  2. ns400r

    Mobster

    Joined: 23 Apr 2004

    Posts: 3,580

    Location: UK, Near the middle......

    Looks like a PC on your local network is doing it. Either IP address 192.168.1.37 or 192.168.1.38

    How many PC's do you have?
    What is the IP address of the PC you normally use?

    Time for a spyware cleanout !
     
    Last edited: 3 Aug 2006
  3. Sin_Chase

    Capodecina

    Joined: 13 Jan 2004

    Posts: 20,576

  4. FordPrefect

    Mobster

    Joined: 18 Oct 2002

    Posts: 2,715

    Ignore that if you look its sourced from a PC on your network, to the network broadcast address using UDP 138, one of the microsoft netbios ports. Its just trying to sort out who is the browse master, change a netbios name to an IP addresss etc. As its destined for the broadcast address its not actually going out of your network. Easiest thing to do depending upon the firewall is create a new rule that will silently drop any netbios traffic or broadcasts without logging the packet.
     
  5. GSDog

    Soldato

    Joined: 12 Jun 2004

    Posts: 5,463

    Location: Surrey

    Hi.

    Thanks for the replies. My local I.P address is 192.168.1.2 and there are two other computers on my network.
    So I should just ignore this?

    Thanks.
     
  6. james32

    Hitman

    Joined: 15 Aug 2005

    Posts: 716

    its a infected server trying to connect to your network
     
  7. FordPrefect

    Mobster

    Joined: 18 Oct 2002

    Posts: 2,715

    Like I said just ignore it, its a broadcast to your network that is not going to be forwarded, just netbios traffic, best thing to do is to silence it by putting a new firewall rule in to block all 135-139 udp/tcp and 445 tcp traffic and dont log it. Windows is always sending crap like this about and on most enterprise firewalls the first rule is to drop and dont log netbios crud. Commonly called the crud rule ;)