Could you tell me what these annoying firewall logs are?

GSDog · 3 Aug 2006 at 14:53

Hi all.

I have been getting some very annoying problems from 'matica.hr' in my peerguardian log. I have a router and a software firewall, but I use peerguardian just for extra protection but for some reason this very annoying 'matica.hr' keeps trying to connect.

Screenshot:

It seems to happen when ever I turn my PC on, or do something like check my emails etc. Any ideas why this is happening?

ns400r · 3 Aug 2006 at 15:10

Looks like a PC on your local network is doing it. Either IP address 192.168.1.37 or 192.168.1.38

How many PC's do you have?
What is the IP address of the PC you normally use?

Time for a spyware cleanout !

Sin_Chase · 3 Aug 2006 at 15:11

http://seclists.org/incidents/2001/Mar/0019.html

FordPrefect · 3 Aug 2006 at 16:01

Ignore that if you look its sourced from a PC on your network, to the network broadcast address using UDP 138, one of the microsoft netbios ports. Its just trying to sort out who is the browse master, change a netbios name to an IP addresss etc. As its destined for the broadcast address its not actually going out of your network. Easiest thing to do depending upon the firewall is create a new rule that will silently drop any netbios traffic or broadcasts without logging the packet.

GSDog · 3 Aug 2006 at 16:24

Hi.

Thanks for the replies. My local I.P address is 192.168.1.2 and there are two other computers on my network.
So I should just ignore this?

Thanks.

james32 · 3 Aug 2006 at 16:45

its a infected server trying to connect to your network

FordPrefect · 3 Aug 2006 at 22:57

Zildjian said:
Hi.

Thanks for the replies. My local I.P address is 192.168.1.2 and there are two other computers on my network.
So I should just ignore this?

Thanks.

Like I said just ignore it, its a broadcast to your network that is not going to be forwarded, just netbios traffic, best thing to do is to silence it by putting a new firewall rule in to block all 135-139 udp/tcp and 445 tcp traffic and dont log it. Windows is always sending crap like this about and on most enterprise firewalls the first rule is to drop and dont log netbios crud. Commonly called the crud rule