Security Incidents mailing list archives
Re: Strange Traffic to ports 139 and 137 from a machine with no data
From: Stef <stefmit () gmail com>
Date: Tue, 28 Feb 2006 16:18:30 -0600
Can you set up a packet capture of some sort (windump, tethereal), with whole frame snaplength (-s 1514), and analyze or post the results?

Stef

On 28 Feb 2006 16:31:55 -0000, loki74 () gmail com <loki74 () gmail com> wrote:
Hello all, I have a machine that is sending out empty data packets destined to random IP addresses with a destination port of 137 and 139. All the IP Addresses seem to be a military and NOC location. I have attached some of the IPs below. I have run antivirus, anti-spyware and rootkit detectors (sysinternals, and f-prot); all came up empty. I had found one other person on the internet that seemed to have this problem, but no resolution. Any ideas?
<snip>