Hi, On Wed, Feb 26, 2014 at 10:57:07PM -0600, Frank Bulk wrote: > I suggest using Microsoft Network Monitor > (http://www.microsoft.com/en-us/download/details.aspx?id=4865) to identify > the processing sending out that traffic.
We did. It says "unknown"... But I think Daniel's find is spot-on, as https://malwr.com/analysis/ZDg2MzhjNmJhOGIxNGNiM2I2NmRkMTMzODBkZjllYmY/ shows the string we saw in the packet (click on "static analysis" -> "strings" -> "RELARELAY_RESPONDRELA"), a "McAffee Framework Service" is indeed installed and that "seems to be a known side effect" - though nobody seems to have observed this on IPv6 yet... Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
pgpk1po1jEHQU.pgp
Description: PGP signature
