tiffini skrev:
> Hi,
>
> I have noticed some interesting traffic coming from one of my pc's and
> then to one of my pc's.
> First a little background.
> I have a befsr41 router with snmp :-) So I can log traffic going into
> my little network using wallwatcher and opmanager.
>
> I have one XP machine I leave on a lot. I notice that it is sending UDP
> outbound from L-port 137 to R-port 137. Then in a relatively short
> amount of time I see an inbound request from a different IP to ports
> 1026 ,1027, and 1028 from a different IP that the 137 was sent from. I
> have norton's running, and ad aware and spybot don't show anything.
> The addresses seem to come from anywhere China, hong kong, even the US
> and Canada.
>
>
> Any Ideas of what this is:
>
Ports 137,138,139 and 445 is file sharing protocols mainly for Windoze
machine's or system running SMB.
If you can close this ports in you're router, do that.

Ports 1024, 1025, 1027, 1028, 1029 and 1030 is normally used by spam
coming from almost anywhere.
Closing this ones is a god idea to do, so you don't get nice little
pop-ups asking you stupid questions.

--
/Anders
-It is a terrible way to kill you self, this crucifying.
-It's no way you be able to hammer in the last nail!
The manic-depressive character 'Neil' from 'the Young one's'