October 27th, 2004, 10:15 PM
#11
Hi coVert
Thanks for the screener - it gives an idea of the IP range involved.
However, since you have erased the destination IP, I assume it is
not 10.100.168.255, but the IP of your machine.
Indeed, a lot of machines send you these UDP 137 packets - all within
1 sec. A question: Are these incidents repeating or just
within these 1-2 secs (I guess repeating)? In order to understand what
actually happens, we should have an example of what a packet like that looks like...
Anyway, an assumption:
Is your box sending out WINS broadcast UDP 137 packets to the
IP address 10.100.255.255, or 10.100.136.255, 10.100.137.255, ...
(log all outbound activities on UDP 137)? If so, then some of the machines in
your subnet, running Windows, Samba,... might just answer [1]?
And if this is repeating: Track down the program (also with ZA) that is
sending these WINS broadcasts. Does this make sense?
Again, it might be worth getting in contact with your network administrator.
[1] http://www.secinf.net/misc/An_analys...rotocols_.html
/edit:
Sorry, cannot fix this link.
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
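
Added example, not part of the original post: one way to test the assumption above is to log outbound and inbound UDP 137 traffic and check whether each inbound burst follows one of the box's own broadcasts. The log layout, the local address 10.100.168.17, the 3-second window and the ".255" broadcast heuristic are all assumptions made for this sketch.

```python
from datetime import datetime, timedelta

# Constructed sample log. The CSV layout and the local address 10.100.168.17
# are assumptions for this example, not ZoneAlarm's own log format.
SAMPLE_LOG = """\
2004-10-27 21:40:01,OUT,UDP,10.100.168.17:137,10.100.168.255:137
2004-10-27 21:40:01,IN,UDP,10.100.168.23:137,10.100.168.17:137
2004-10-27 21:40:01,IN,UDP,10.100.168.54:137,10.100.168.17:137
2004-10-27 21:40:02,IN,UDP,10.100.168.91:137,10.100.168.17:137
2004-10-27 21:47:30,IN,UDP,10.100.137.8:137,10.100.168.17:137
2004-10-27 21:47:31,IN,TCP,10.100.137.8:4455,10.100.168.17:445
"""

def parse(log):
    """Turn each log line into a dict with a parsed timestamp and port."""
    events = []
    for line in log.strip().splitlines():
        ts, direction, proto, src, dst = line.split(",")
        src_ip, _ = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "dir": direction, "proto": proto,
            "src": src_ip, "dst": dst_ip, "dport": int(dst_port),
        })
    return events

def is_nbns(event):
    # NetBIOS name service (WINS) traffic goes to UDP port 137.
    return event["proto"] == "UDP" and event["dport"] == 137

def classify_inbound(events, window=timedelta(seconds=3)):
    """Split inbound UDP 137 senders into those that follow one of our own
    broadcasts within `window` and those with no preceding broadcast."""
    # Heuristic: treat any destination ending in .255 as a broadcast address.
    broadcasts = [e["ts"] for e in events
                  if e["dir"] == "OUT" and is_nbns(e) and e["dst"].endswith(".255")]
    solicited, unsolicited = [], []
    for e in events:
        if e["dir"] != "IN" or not is_nbns(e):
            continue
        answered = any(timedelta(0) <= e["ts"] - b <= window for b in broadcasts)
        (solicited if answered else unsolicited).append(e["src"])
    return solicited, unsolicited

if __name__ == "__main__":
    solicited, unsolicited = classify_inbound(parse(SAMPLE_LOG))
    print("replies to our own broadcasts:", solicited)
    print("no preceding broadcast:", unsolicited)
```

Senders in the second list are the ones worth raising with the network administrator, since nothing the box sent explains them.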