Incidents
Re: Re: Odd traffic again...... internal --> 100.100.100.1 (137-udp) Aug 26 2006 02:43PM
i m crazy frog gmail com (1 replies)
Re: Odd traffic again...... internal --> 100.100.100.1 (137-udp) Aug 26 2006 09:24PM
Kevin Johnson (kjohnson secureideas net)

On Aug 26, 2006, at 10:43 AM, i.m.crazy.frog (at) gmail (dot) com [email concealed] wrote:

> Hi,
> from the link http://www.linklogger.com/UDP137.htm
> "Netbios Name Service is typically how Windows computers find out
> information concerning the networking features offered by a
> computer, such as System Name, File Shares, etc."
> i dont say anyting with out seeing the data.if possible pls attach
> ur ethereal cap file.
> Thanks,
> http://www.secgeeks.com
>

Hi-

At a customer location, I saw this exact issue. They had a Xerox
printer hooked up to the network. The printer comes with a PC that
controls the print jobs. The communication on this machine to the
printer is on a private network that Xerox decided to use the
100.100.100.0 network. For some reason this machine will try and
route traffic over the wrong interface quite often. This is why you
will see drops from your firewall. I can't guarantee that this is
what you are seeing, but it looks exactly the same.

Kevin
---------------------
GCIA, GCIH, CEH
BASE Project Lead
http://base.secureideas.net
The next step in IDS analysis!

------------------------------------------------------------------------
------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.

http://www.blackhat.com
------------------------------------------------------------------------
------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus