Security Incidents mailing list archives

Re: Strange Traffic to ports 139 and 137 from a machine with no data

From: "Mark Owen" <mr.markowen () gmail com>
Date: Tue, 28 Feb 2006 17:10:20 -0500

On 28 Feb 2006 16:31:55 -0000, loki74 () gmail com <loki74 () gmail com> wrote:

Hello all,
I have a machine that is sending out empty data packets destined to

random ip addresses >with a destination port of 137 and 139.  All the
IP Addresses seem to be a military and NOC >location.  I have attached
some of the IP's below.  I have ran antivirus, anti-spyware and

rootkit detectors (sysinternals, and f-prot) all came up empty.  I

had found one other person >on the internet that seemed to have this
problem, but no resolution. Any ideas?

What OS and version are you running?


--
Mark Owen

Current thread:

Strange Traffic to ports 139 and 137 from a machine with no data loki74 (Feb 28)
- Re: Strange Traffic to ports 139 and 137 from a machine with no data Kyle Maxwell (Feb 28)
- Re: Strange Traffic to ports 139 and 137 from a machine with no data Dude VanWinkle (Feb 28)
- Re: Strange Traffic to ports 139 and 137 from a machine with no data Mark Owen (Feb 28)
- Re: Strange Traffic to ports 139 and 137 from a machine with no data Stef (Feb 28)