Security Incidents mailing list archives
Re: Strange Traffic to ports 139 and 137 from a machine with no data
From: loki74 () gmail com
Date: 1 Mar 2006 16:55:00 -0000
This box is running Windows 2003, all the latest patches, it has a private RFC 1918 address, and does not have NAT to get to the internet. I did do an Ethereal capture, and the traffic had the capture, but I am not sure how to upload it here. This is an Excel dump:

1723 7-Dec-05 7:56:19 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 128.74.156.108 tcp 8 2668
2629 7-Dec-05 12:46:19 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.118.36.8 tcp 8 2744
2118 7-Dec-05 10:36:19 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.127.246.104 tcp 8 2710
134 7-Dec-05 0:56:18 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.138.128.168 tcp 8 2550
1619 7-Dec-05 6:56:19 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.140.183.168 tcp 8 OAS-NameServer
958 7-Dec-05 5:46:18 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.146.63.104 tcp 8 2628
1486 7-Dec-05 6:06:18 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.149.222.200 tcp 8 2634
280 7-Dec-05 1:46:18 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.155.92.8 tcp 8 hp-3000-telnet
596 7-Dec-05 3:36:18 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.159.181.104 tcp 8 2594
1909 7-Dec-05 9:16:19 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.187.216.72 tcp 8 2689
1497 7-Dec-05 6:16:18 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.191.199.8 tcp 8 2638
2257 7-Dec-05 11:16:19 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.197.155.8 tcp 8 2720
1698 7-Dec-05 7:46:19 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.203.77.232 tcp 8 2665
463 7-Dec-05 2:56:18 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.205.80.8 tcp 8 2583
684 7-Dec-05 4:16:18 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.214.49.104 tcp 8 2604
1805 7-Dec-05 8:36:19 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.218.106.40 tcp 8 2679
2107 7-Dec-05 10:26:19 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.219.200.72 tcp 8 2707
2524 7-Dec-05 12:26:19 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.220.251.232 tcp 8 2740
2427 7-Dec-05 11:56:19 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.223.78.8 tcp 8 2731
2923 7-Dec-05 13:56:19 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.225.62.8 tcp 8 2763
747 7-Dec-05 4:36:18 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.243.250.200 tcp 8 2609
550 7-Dec-05 3:26:18 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.255.206.104 tcp 8 2591
1409 7-Dec-05 5:56:18 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.42.104.200 tcp 8 2631
3017 7-Dec-05 14:26:19 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbsession SERVER2 132.60.179.232 tcp 8 2772
3019 7-Dec-05 14:26:37 VPN-1 & FireWall-1 eth2c0 firewall Log Drop nbname SERVER2 132.60.179.232 udp 8 nbname