Another random attack on Port 137

[lightingft]

Hey guys,
So about three months, my PC was attacked on Port 137 from the IP '41.204.187.12'.
Today, I got 3 attacks again (like last time), but this time the IP is 43.225.193.178, same port.
What could these attacks mean? Should I be worried? I got this while doing things I do every day, not visiting any odd sites before or after, same visits and same programs. The only thing that I had open both times was a Peer to Peer client, but I have it on almost every day and this never happens, also the IP is nowhere in the peer list. As for the process, it shows none in MalwareBytes.

 

[Solandri]

Those IP addresses resolve to Kenya and India. A little surprising since these port scans usually come from China. Anyway, it's pretty normal. Curious people, hackers, or computers which have been assimilated into a botnet scan random IP addresses searching for any ports which have been left open. If they find one, they'll try to login using default passwords, or known flaws for common software services which use those ports. I used to run a mail/web server for a church, and based on the logs we got about 100 scans/attempts per hour on port 22 (SSH). (Yeah we moved the SSH to a different port.)

Is there some reason your PC is directly connected to the Internet? The easy way to deal with these is to use a router. The router lets connections from your computer to the Internet go out (and responses from the IPs you contact to come back in), and rejects everything else by default unless you forward the port. If your PC must be able to be contacted via port 137 (NETBIOS) from the Internet, I'd suggest getting a router with a VPN server built in. Then whoever needs to contact your computer over port 137 can first connect to your LAN via the VPN, which will encrypt all communication between the two as it travels over the Internet.

 

[lightingft]

Those IP addresses resolve to Kenya and India. A little surprising since these port scans usually come from China. Anyway, it's pretty normal. Curious people, hackers, or computers which have been assimilated into a botnet scan random IP addresses searching for any ports which have been left open. If they find one, they'll try to login using default passwords, or known flaws for common software services which use those ports. I used to run a mail/web server for a church, and based on the logs we got about 100 scans/attempts per hour on port 22 (SSH). (Yeah we moved the SSH to a different port.)

Is there some reason your PC is directly connected to the Internet? The easy way to deal with these is to use a router. The router lets connections from your computer to the Internet go out (and responses from the IPs you contact to come back in), and rejects everything else by default unless you forward the port. If your PC must be able to be contacted via port 137 (NETBIOS) from the Internet, I'd suggest getting a router with a VPN server built in. Then whoever needs to contact your computer over port 137 can first connect to your LAN via the VPN, which will encrypt all communication between the two as it travels over the Internet.

I don't think my PC is connected through NETBIOS, that's the thing. I'm using a router which does indeed have a VPN server. Thank you for the information though, that is very helpful.