[Dshield] icmp <-> udp ???
moritz at uplink-verein.ch
Mon Jan 17 10:51:28 GMT 2005
stephane nasdrovisky wrote:
>> the server sends every 2 mins an icmp-paket to a host outside my
>> network. the host is answering with a udp packet. has anyone ever seen
>> something like this? WINS? VPN? the ip outside was chaning over the
>> time, but stayed in class c subnet.
> The answer is the icmp, not the udp (have a close look at the
> timestamps). netbios-something usually is ms netbios related: either
> somone who tries to browse your files (low probability) or a worm (the
> strange thing is you see these packets coming from a single class c
> network, they usually comes from aeverywhere, it could be an isp acl
> side-effect. Is your isp the owner of 22.214.171.124/24 network?).
but it makes no sense to, that a server outside my lan. netbios over a nat router? and why it is
only trying to connect to this server?
126.96.36.199/24 is not our ISP, it is the carrier.
it makes no sense for me. this server shouldn't try to connect to my server.
More information about the list