can someone with IT exp explain this one?

[llsteve80]

I know a bunch of you guys are techies of some sort, so here's a question I have.

I'm running peer guardian, not downloading anything at all, I just run it all the time. A bunch of people from this school got sued last year for pirated music so I'm staying away from that, but still feels safer with the extra firewall PG provides.

But even with no bittorrent client or P2P network running, heck even with no browser running, PG is blocking tons of traffic from the school. What does does this mean? Are they trying to scan my comp or something? I don't care for censorship, spying, or any of that stuff like google analytics.

Heres a screenshot:

[Digital]

It looks like it's SNMP traffic, not a huge deal.

[Pugwash]

Port 137 is your Windows sharing being probed. Port 1900 is most likely Windows Messenger, scanning for UPNP.

None of this is dangerous, but it's why network administrators consider Windows a hateful liability. You connect your PC to the LAN and it tells everyone around you "Hey, look at me! Try and see if I'm sharing stuff or providing services!" without your approval.

[Pugwash]

It looks like it's SNMP traffic, not a huge deal.

SNMP on the netbios ports?

[llsteve80]

thanks pug and digital

[P4GTR]

Do you have a need to connect to shared network resources, like a network printer, or network drives? Or just simply personal pc use via the schools internet provider?

[llsteve80]

Do you have a need to connect to shared network resources, like a network printer, or network drives? Or just simply personal pc use via the schools internet provider?

No need to share printers or any of that although it is possible to do so if needed. Right now just using the ISP. Of course had to install the schools preferred virus protection and cisco clean agent to protect the network I guess. Supposedly it can tell if your copy of windows is legit, and if not you will have no access.

[Digital]

SNMP on the netbios ports?

Yep, you can do it; more accurately it can be done.

[Pugwash]

Yep, you can do it; more accurately it can be done.

Of course it can be done. The problem is both client and server need to explicitly be told to use the non-standard ports.

[Shundi]

Hmm I thought I posted here before but for some reason it didn't show up...

If you click PeerGuardian, select "List Manager" and uncheck "Educational" and keep "Government", "Spyware" and "P2P" blocked it should stop blocking NIU (Unless for some reason you'd need other .edu domains blocked).

[P4GTR]

Port 137 is your Windows sharing being probed. Port 1900 is most likely Windows Messenger, scanning for UPNP.

You connect your PC to the LAN and it tells everyone around you "Hey, look at me! Try and see if I'm sharing stuff or providing services!" without your approval.

Which is why I'm thinking he should at least remove file and printer sharing from his stack. He's not connecting to any shared network resources, couldn't hurt.