From: "tiffini" <email@example.com>
| I have noticed some interesting traffic coming from one of my pc's and then to one of
| my pc's.
| First a little background.
| I have a befsr41 router with snmp :-) So I can log traffic going into my little
| network using wallwatcher and opmanager.
| I have one XP machine I leave on a lot. I notice that it is sending UDP outbound from
| L-port 137 to R-port 137. Then in a relatively short amount of time I see an inbound
| request from a different IP to ports 1026 ,1027, and 1028 from a different IP that the
| 137 was sent from. I have norton's running, and ad aware and spybot don't show
| The addresses seem to come from anywhere China, hong kong, even the US and Canada.
| Any Ideas of what this is:
As always, I suggest specifically blocking Both UDP and TCP ports 135 ~ 139 and 445 on *any*
Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm