I noticed a series of connection attempts while reviewing pgld.log starting when I installed my system/acquired ADSL (occurred at the same time). The log reads the following every 11-12 minutes:
Feb 21 18:53:55 IN 192.168.1.1:138 192.168.1.255:138 UDP || Consiglio Nazionale delle Ricerche | Dabber.BBT | Bogon
I added rules for tcp and udp to drop requests on ports 137-139,445,67,68 and the log readouts in pgld.log did not change. I also crosschecked the pgld.log on a separate machine running Arch Bang on the same network and there were 0 hits over the course of hours. To check for intrusions I ran rkhunter and chkrootkit from a RO USB and ran snort for a couple of hours but found nothing.
The main concern is that according to a pgl blocklist IPs emanating from "Consiglio Nazionale delle Ricerche", or "National Research Council", are persistently attempting to connect to my system. This Italian public organization is set up to conduct a variety of tech and science research. I neither live in Italy nor have an ISP affiliated with Italy. However, the blocklist classifies it as a bogon, which undermines the possibility of the organization being positively identified.
How do I proceed in order to understand the source of the problem and begin to stop the persistent connection attempts?
The problem was also reported here on the forums but the ports are different. For me it's reporting on a port associated with NetBIOS, a legacy protocol used most often with Windows. The config in /etc/cups/client.conf yields nothing valuable and I would like to get rid of CUPS but # pacman -Rs cups shows that no such package exists.
More information from Wikipedia relating to the port in question:
Datagram distribution service
Datagram mode is connectionless; the application is responsible for error detection and recovery. In NBT, the datagram service runs on UDP port 138. The datagram service primitives offered by NetBIOS are:
Send Datagram – send a datagram to a remote NetBIOS name.
Send Broadcast Datagram – send a datagram to all NetBIOS names on the network.
Receive Datagram – wait for a packet to arrive from a Send Datagram operation.
Receive Broadcast Datagram – wait for a packet to arrive from a Send Broadcast Datagram operation.
Last edited by Divinorum (2013-02-22 19:40:16)
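Added example, not part of any post in this thread: a small triage helper that parses a pgld.log line like the one quoted above and checks whether the source address is actually on the local network, whatever name the blocklist attaches to it. The field layout is inferred from that single line, and the 192.168.1.0/24 LAN prefix and the function name triage are assumptions.

```python
import ipaddress
import re

# Constructed sample: the single log line quoted in the post above.
SAMPLE = ("Feb 21 18:53:55 IN 192.168.1.1:138 192.168.1.255:138 UDP || "
          "Consiglio Nazionale delle Ricerche | Dabber.BBT | Bogon")

# Field layout inferred from that one line (assumption, not pgld documentation).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<dir>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s+\|\|\s*(?P<labels>.*)$"
)

# NetBIOS over TCP/IP well-known ports.
NETBIOS = {137: "NetBIOS name service",
           138: "NetBIOS datagram service",
           139: "NetBIOS session service"}


def triage(line, lan="192.168.1.0/24"):
    """Parse one log line; return None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    net = ipaddress.ip_network(lan)  # assumed LAN prefix, adjust to yours
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    on_lan = src in net
    to_bcast = dst == net.broadcast_address
    # A source inside the LAN prefix is a device on this network (often the
    # router), so the blocklist name only reflects which range entry matched.
    if on_lan and to_bcast:
        verdict = "local LAN broadcast"
    elif on_lan:
        verdict = "local LAN traffic"
    elif src.is_private:
        verdict = "private source outside this LAN"
    else:
        verdict = "routable remote source"
    return {
        "src": str(src), "dst": str(dst), "proto": m["proto"],
        "service": NETBIOS.get(int(m["dport"]), "unknown"),
        "labels": [s.strip() for s in m["labels"].split("|") if s.strip()],
        "src_private": src.is_private, "verdict": verdict,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```
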
The Internet is the definition of an unsecured network. The only way to prevent connection attempts is to unplug your computer from the Internet. It is exactly like trying to stop someone from talking to you... You can kill the person, walk away, or wear headphones so you don't hear them. At the end of the day you cannot control what someone else does.
If you are dropping the packets then you have nothing to worry about. Those connection attempts are just infected Windows computers trying to infect other Windows computers.
Last edited by hunterthomson (2013-02-22 07:37:42)
Appreciate the response. The basics are clear to me now that I am not looking for an intricate explanation.