Security Basics mailing list archives
Re: Suspicious network activity advice
From: davestout () hotmail com
Date: 3 Jan 2007 16:22:56 -0000
I'm very sure I've seen this behavior before but I have since been made redundant from the company that had the problem so can't refer to the network captures I performed.

Basically the Master browser suggestion holds some water. We had a problem browsing computers by NetBIOS name as they were not being listed under the domain listing correctly. When performing network captures I located that the NetBIOS master browser was indeed a Unix-based machine. Now the Unix-based machines were not connected to the Windows domain so the NetBIOS names were not visible on the Domain.... hence the problem I was investigating.

Now I remember that during performing network captures I am sure that the Master Browser computer scans through all NetBIOS names alphabetically to keep the table refreshed. I also remember reading an article that showed that the NetBIOS information is passed to the Domain via the master Browser and if this is your PC then it may account for the information.

Spending 5 minutes with Ethereal to observe this traffic and actually analysing it would have saved a lot of time and effort and I've seen people running around like headless chickens on a fault that was solved after a 2 minute network capture.

Again without access to the traces anymore I can't be 100% certain this may be your case, but it sounds very close to something I remember observing.