RE: strange network trafficFrom: Chris Norris (email@example.com)
- Previous message: John Canty: "RE: Backups"
- In reply to: C Boening: "strange network traffic"
- Next in thread: Garbrecht, Frederick: "RE: strange network traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Chris Norris" <firstname.lastname@example.org> To: <email@example.com> Date: Fri, 16 Aug 2002 18:36:24 +0100
I sincerely recommend you do get a firewall. Just find a junk PC and put
linux on it if there is no budget for it, cost = nothing!
From: C Boening [mailto:firstname.lastname@example.org]
Sent: 15 August 2002 22:41
To: security basics
Subject: strange network traffic
We are experiencing some network activity which has me baffled. I am
relatively new to network security so I hope I won't get flamed too bad
. Here's what's going on: About 2 months ago our sniffer (commview)
started capturing traffic from
192.168.0.2 as coming from our network. We have no such ip address. All
routers, switches, servers, annexes, printers , wireless,... have been
checked hands on. No such IP asigned to any of our devices. The packets
coming from this ip contain the nbstat command. They are sent to several
servers only. Server responds with an answer to nbstat (the usual
stuff). 192 ip then sends traffic to several outside ip's, ie
doubleclick, uunet, and others. What could cause this traffic and where
could it possibly come from? Another sniffer, Capsa, shows 192 as
belonging to our intranet. We do not have a firewall (yes, I know, but
it's not up to me or my dept head), except for a couple which we run on
individual pc's . Purchasing a firewall at this time is not an option.
Can somebody help me out?