[Dshield] MS patch KB824105 starts strange UDP/137 probes?
efritz at glja.com
Thu Sep 18 20:24:08 GMT 2003
I'm running into an interesting situation in my corporate LAN. We have
two W2K (SP3) machines, to which we applied KB824105. This is a NetBIOS
Ever since the machines were patched, I'm seeing UDP/137 traffic from
them to 22.214.171.124, every ten minutes. My firewall blocks UDP/137
(NetBIOS name requests), naturally, so no harm is done. Four or five
packets are sent each time.
I'm intrigued, since 126.96.36.199 isn't a reserved IP address. That address
isn't currently assigned to anything, though.
Anybody else run into this?
Gilbert Laustsen Jung Associates Ltd.
More information about the list