Question : Suspicious Traffic on udp port 137 from a Domain Controller to unknown IP

Started from This June, we found several incidence that one of our windows domain controller (2003 SP1) tried to talk to 192.168.1xx.1 address with udp port 137 as both src and des port. Destination address varys but with 1xx.1 pattern. Internally, we've never use 192.168.x.x IP. We are thinking that some user might bring their own equirement with static configuration. But we could not give a reasonable explanation... Any thoughts, Thanks.

Answer : Suspicious Traffic on udp port 137 from a Domain Controller to unknown IP

Can you change a workstation IP to 192.168.x.x, with different subnet mask of 255.x.x.x, 255.255.x.x and 255.255.255.x
and try to ping from there. If all no respnds, do a arp -a and see if you can see any mac address associate with the rogue IP.

Random Solutions

IMPORTANT - WAP 1.x vs. the Internet: Does a legal agreement to license content on the "Internet" include the ability to use WAP as well??

How do I split the _msdcs section from the root domain DNS zone?

VPN Module problem in a Cisco 1721 router

backup cisco router config.

Which secure FTP (SSL or SSH) has the least performance hit

Azureus slows down whole network

wireless network detected and connected to with excellecnt signal. Cannot acces internet

Changing carreer from Programming to Networking, thinking about CCNA or MCSE

Windows XP Pro network connection drop - WEIRD problem

Asterisk CDR "billsec" problem