- Dec 29, 2014
- 1,716
Been trying to see if the hosts file is blocking sites. On the one hand it seems so for entries in the hosts file that were placed by Spybot Anti-Beacon. However, any entries I added were not being successfully blocked. I tested by pinging the domains added by Spybot and got "host not found" which I assumed meant the hosts file was working. On the other hand I got a timeout from checking msn.com which I had added (I was using it for the test and yes I saved the file properly btw). I thought the timeout was probably protection on Microsoft's end, but the check ran the usual 4 times, so I assume that means that the host file did not block the attempt.
Anyway, this led me to see if I could learn more about the router and maybe use it to block. I learned that I could block a limited number of sites individually by domain name. At the same time, I decided to enable the log and see what turned up there. When I did, I noticed that Netbios (port 137) was actually on a regular basis using a UDP connection to various domains around the internet. Most of these are familiar and from Microsoft or CloudFlare or Amazon. This seems like abysmal security, so I would like to see if I can block this specific behavior from Netbios.
I read this which is great but a little over my head:
Is Netbios a huge security threat?
Then I saw this:
netBIOS bloodlust
which I could relate to better having used PrivateFirewall for an extensive period of time. I don't miss much about PrivateFirewall, but I do miss the logs and the connection controls.
So does anyone have any simple plain language input on Netbios, actually these three ports (Netbios is 137):
UDP/137, UDP/138, and TCP/139
, and on how to achieve blocks for all connections outside the local/home network? I only have Comodo FW to work with for this, other than the router settings...
Anyway, this led me to see if I could learn more about the router and maybe use it to block. I learned that I could block a limited number of sites individually by domain name. At the same time, I decided to enable the log and see what turned up there. When I did, I noticed that Netbios (port 137) was actually on a regular basis using a UDP connection to various domains around the internet. Most of these are familiar and from Microsoft or CloudFlare or Amazon. This seems like abysmal security, so I would like to see if I can block this specific behavior from Netbios.
I read this which is great but a little over my head:
Is Netbios a huge security threat?
Then I saw this:
netBIOS bloodlust
which I could relate to better having used PrivateFirewall for an extensive period of time. I don't miss much about PrivateFirewall, but I do miss the logs and the connection controls.
So does anyone have any simple plain language input on Netbios, actually these three ports (Netbios is 137):
UDP/137, UDP/138, and TCP/139
, and on how to achieve blocks for all connections outside the local/home network? I only have Comodo FW to work with for this, other than the router settings...