Security Incidents mailing list archives
Re: Strange Traffic to ports 139 and 137 from a machine with no data
From: Joachim Schipper <j.schipper () math uu nl>
Date: Wed, 1 Mar 2006 09:52:51 +0100
On Tue, Feb 28, 2006 at 04:31:55PM -0000, loki74 () gmail com wrote:
> Hello all, I have a machine that is sending out empty data packets destined to random IP addresses with a destination port of 137 and 139. All the IP addresses seem to be a military and NOC location. I have attached some of the IPs below. I have run antivirus, anti-spyware and rootkit detectors (Sysinternals and F-Prot); all came up empty. I had found one other person on the internet that seemed to have this problem, but no resolution. Any ideas?

<snip: addresses>

If you are not interested in researching the malware on the machine, nuke and reinstall. Sure, it may just be an innocuous misconfiguration, but reinstalling tends to be at least as fast and give better results, too.

In any case, take it off the net, or the rest of your LAN may be zombified soon. Like, yesterday.

Joachim