Thread: interesting traffic
View Single Post
  #6 (permalink)  
Old 12-29-2006, 08:39 PM
David H. Lipman
Guest
  
Posts: n/a
Default Re: interesting traffic
From: "tiffini" <tiffini@val13xr8.org>

| Hi,

| I have noticed some interesting traffic coming from one of my pc's and then to one of
| my pc's.
| First a little background.
| I have a befsr41 router with snmp :-) So I can log traffic going into my little
| network using wallwatcher and opmanager.

| I have one XP machine I leave on a lot. I notice that it is sending UDP outbound from
| L-port 137 to R-port 137. Then in a relatively short amount of time I see an inbound
| request from a different IP to ports 1026 ,1027, and 1028 from a different IP that the
| 137 was sent from. I have norton's running, and ad aware and spybot don't show
| anything.
| The addresses seem to come from anywhere China, hong kong, even the US and Canada.


| Any Ideas of what this is:


As always, I suggest specifically blocking Both UDP and TCP ports 135 ~ 139 and 445 on *any*
SOHO Router.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Reply With Quote