On 28 Feb 2006 16:31:55 -0000, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hello all, > I have a machine that is sending out empty data packets destined to random > ip addresses with a destination port of 137 and 139. All the IP Addresses > seem to be a military and NOC location. I have attached some of the IP's > below. I have ran antivirus, anti-spyware and rootkit detectors > (sysinternals, and f-prot) all came up empty. I had found one other person > on the internet that seemed to have this problem, but no resolution. Any > ideas?
I'd try using TDIMon (http://www.sysinternals.com/Utilities/TdiMon.html) from SysInternals to see what process is sending the packets and start from there. -- Kyle Maxwell http://caffeinatedsecurity.com [EMAIL PROTECTED]
