Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Strange Traffic to ports 139 and 137 from a machine with no data

from [loki74] Network Security [Permanent Link]
Subject: Re: Strange Traffic to ports 139 and 137 from a machine with no data
Date: 1 Mar 2006 16:55:00 -0000 
This box is running Windows 2003, all the latest patches, it has a private RFC 
1918 Address, and does not have nat to get to the internet.

I did do a ethereal capture, and the traffic had the capture, but I am not sure 
how to upload it here.

THis is a excel dump:

        1723            7-Dec-05                7:56:19         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         128.74.156.108          
tcp             8               2668
        2629            7-Dec-05                12:46:19                VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.118.36.8            
tcp             8               2744
        2118            7-Dec-05                10:36:19                VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.127.246.104         
tcp             8               2710
        134             7-Dec-05                0:56:18         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.138.128.168         
tcp             8               2550
        1619            7-Dec-05                6:56:19         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.140.183.168         
tcp             8               OAS-NameServer
        958             7-Dec-05                5:46:18         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.146.63.104          
tcp             8               2628
        1486            7-Dec-05                6:06:18         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.149.222.200         
tcp             8               2634
        280             7-Dec-05                1:46:18         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.155.92.8            
tcp             8               hp-3000-telnet
        596             7-Dec-05                3:36:18         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.159.181.104         
tcp             8               2594
        1909            7-Dec-05                9:16:19         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.187.216.72          
tcp             8               2689
        1497            7-Dec-05                6:16:18         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.191.199.8           
tcp             8               2638
        2257            7-Dec-05                11:16:19                VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.197.155.8           
tcp             8               2720
        1698            7-Dec-05                7:46:19         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.203.77.232          
tcp             8               2665
        463             7-Dec-05                2:56:18         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.205.80.8            
tcp             8               2583
        684             7-Dec-05                4:16:18         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.214.49.104          
tcp             8               2604
        1805            7-Dec-05                8:36:19         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.218.106.40          
tcp             8               2679
        2107            7-Dec-05                10:26:19                VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.219.200.72          
tcp             8               2707
        2524            7-Dec-05                12:26:19                VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.220.251.232         
tcp             8               2740
        2427            7-Dec-05                11:56:19                VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.223.78.8            
tcp             8               2731
        2923            7-Dec-05                13:56:19                VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.225.62.8            
tcp             8               2763
        747             7-Dec-05                4:36:18         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.243.250.200         
tcp             8               2609
        550             7-Dec-05                3:26:18         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.255.206.104         
tcp             8               2591
        1409            7-Dec-05                5:56:18         VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.42.104.200          
tcp             8               2631
        3017            7-Dec-05                14:26:19                VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbsession               SERVER2         132.60.179.232          
tcp             8               2772
        3019            7-Dec-05                14:26:37                VPN-1 & 
FireWall-1              eth2c0          firewall                Log             
Drop            nbname          SERVER2         132.60.179.232          udp     
        8               nbname
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Strange Traffic to ports 139 and 137 from a machine with no data, Joachim Schipper
Next by Date:  Re: Strange Traffic to ports 139 and 137 from a machine with no data, loki74
Previous by Thread:  Re: Strange Traffic to ports 139 and 137 from a machine with no data, Joachim Schipper
Next by Thread:  Re: Strange Traffic to ports 139 and 137 from a machine with no data, loki74
Indexes:  [Date] [Thread] [Top] [All Lists]