Penetration Testing mailing list archives

[PEN-TEST] question


From: "Skullaria () Earthlink net" <skullaria () EARTHLINK NET>
Date: Sat, 16 Dec 2000 20:08:24 -0500

I hope someone can answer this for me.
I was running win98 with zone alarm.  I ran a netstat -a and it showed
123banners.com was listening on port 137, 138 and hour other higher grabbed
ports.  I thought perhaps I had spyware, but the 137 and port 138 port
bugged me.
I locked down zone and checked for running processes until I just had bare
minimum running.  Zone was locked except for netstat itself.
Still, I was showing these ports were listening.  I ran netcat from another
machine and the ports were wide open, as if zone alarm wasn't there.  I did
notice however, that the 123banners.com was resolving to 0.0.0.0, so I
looked at my host file.

I have only a very slow dial up, so a few months back when I first started
playing with tcp/ip and dns, I had altered it so that all banner ads
resolved to 0.0.0.0.  (I had originally set to loopback but someone in a
mail list mentioned it was even faster set to 0.0.0.0, so I did that.)

Well, 123banners.com was at the top of that list.  I set that entry to
loopback, then watched as the next item down set to 0.0.0.0 took ports 137,
138 and grabbed some higher ports.  I changed those hostfile entries I never
want successfully resolved to loopback, and everything is ok now.

My question is, why did that happen?  What makes something set to resolve at
0.0.0.0 make ports wake up and open their digital ears?

I don't know much about this stuff, I just seriously enjoy it.  Can anyone
explain this?

Thanks,

-Kristi

