Question : Suspicious Traffic on udp port 137 from a Domain Controller to unknown IP
Starting this June, we found several incidents in which one of our Windows domain controllers (2003 SP1) tried to talk to a 192.168.1xx.1 address with UDP port 137 as both source and destination port. The destination address varies but follows the 1xx.1 pattern. Internally, we have never used 192.168.x.x IPs. We are thinking that some user might have brought their own equipment with a static configuration. But we could not come up with a reasonable explanation... Any thoughts? Thanks.
Answer : Suspicious Traffic on udp port 137 from a Domain Controller to unknown IP
Can you change a workstation IP to 192.168.x.x, with different subnet masks of 255.x.x.x, 255.255.x.x and 255.255.255.x, and try to ping from there? If none respond, do an `arp -a` and see if you can see any MAC address associated with the rogue IP.
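The `arp -a` check suggested above can be scripted; this is an added example, not part of the original answer. It assumes the usual Windows `arp -a` column layout, uses a constructed sample of that output, and the names `find_rogue_macs`, `ROGUE_PATTERN` and `SAMPLE_ARP_OUTPUT` are hypothetical.

```python
import re

# Constructed sample of Windows `arp -a` output, taken after pinging from a test
# workstation readdressed into 192.168.x.x (not captured from the poster's network).
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.150.20 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.150.1         00-11-22-33-44-55     dynamic
  192.168.150.7         00-11-22-33-44-66     dynamic
  192.168.150.255       ff-ff-ff-ff-ff-ff     static

Interface: 192.168.120.20 --- 0x10004
  Internet Address      Physical Address      Type
  192.168.120.1         00-00-00-00-00-00     invalid
"""

# The 192.168.1xx.1 pattern from the question: third octet 100-199, last octet 1.
ROGUE_PATTERN = re.compile(r"^192\.168\.1\d{2}\.1$")
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)
# All-zero and broadcast MACs mean nothing actually answered the ARP request.
UNRESOLVED = {"00-00-00-00-00-00", "ff-ff-ff-ff-ff-ff"}


def find_rogue_macs(arp_output):
    """Return [(interface_ip, ip, mac)] for resolved entries matching the pattern."""
    hits = []
    iface = None
    for line in arp_output.splitlines():
        header = re.match(r"^Interface:\s+(\S+)", line)
        if header:
            iface = header.group(1)  # remember which local interface saw the entry
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue  # column header or blank line
        ip, mac, kind = entry.group(1), entry.group(2).lower(), entry.group(3).lower()
        if not ROGUE_PATTERN.match(ip):
            continue
        if kind == "invalid" or mac in UNRESOLVED:
            continue  # the ping got no ARP reply for this address
        hits.append((iface, ip, mac))
    return hits


if __name__ == "__main__":
    for iface, ip, mac in find_rogue_macs(SAMPLE_ARP_OUTPUT):
        print(f"{ip} answered ARP on interface {iface}: MAC {mac}")
```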