North American Network Operators Group


Strange 192.168. UDP/138 Traffic

  • From: Darrell Kristof
  • Date: Thu Jan 29 13:46:21 2004

Hi everyone:

I'm having some strange traffic show up on my PIX.  Looking at the "show
conn" I have many many machines attempting to make outbound UDP/138
connections to 192.168.x.x addresses.  We don't have any 192.168.x.x
addresses inside the company.  This is blocked at our Internet router, so
it's not going out, but still would like to know what this is.

[Snip from "show conn | inc 192.168" on PIX]
(Internal IP addresses changed to protect the innocent - or not so innocent)
UDP	out	192.168.19.100:138	in	1.2.5.108:138
UDP	out	192.168.19.100:138	in	1.2.8.126:138
UDP	out	192.168.19.100:138	in	3.4.0.151:138
UDP	out	192.168.19.100:138	in	3.6.18.169:138
UDP	out	192.168.19.100:138	in	3.6.18.75:138
UDP	out	192.168.19.100:138	in	3.6.2.156:138
UDP	out	192.168.19.100:138	in	3.6.26.99:138
UDP	out	192.168.19.100:138	in	3.6.26.99:138
UDP	out	192.168.19.100:138	in	3.6.28.95:138
UDP	out	192.168.19.100:138	in	3.6.28.95:138
UDP	out	192.168.19.100:138	in	3.6.32.166:138
UDP	out	192.168.19.100:138	in	3.6.32.166:138
UDP	out	192.168.19.100:138	in	3.6.36.81:138
UDP	out	192.168.19.100:138	in	3.6.36.90:138
UDP	out	192.168.19.100:138	in	3.6.4.66:138
UDP	out	192.168.19.100:138	in	3.6.46.150:138
UDP	out	192.168.19.100:138	in	3.6.46.150:138
UDP	out	192.168.19.100:138	in	3.6.46.150:138
UDP	out	192.168.19.100:138	in	3.6.46.82:138
UDP	out	192.168.19.100:138	in	3.6.46.82:138
UDP	out	192.168.19.100:138	in	3.6.50.72:138
UDP	out	192.168.19.100:138	in	3.6.50.72:138

(and just keeps going and going and going...)

These machines are all over the country, here are the unique 192.168.
addresses they are all trying to connect to.  

192.168.19.100
192.168.2.15
192.168.2.230
192.168.28.21
192.168.34.99
192.168.34.99
192.168.64.67
192.168.77.223
192.168.80.7

If anyone knows anything about this, I would appreciate some feedback.  Feel
free to reply off-line and I'll reply to the list with the responses.  A
Norton AV scan shows nothing.

Thanks,

- Darrell

======================================================================
Darrell Kristof, CISSP, CCNP, TICSA
Network Manager/Team Leader
Whole Foods Market, Corporate Offices
E-Mail: [email protected]
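
Added example, not part of the original post: a Python script that tallies `show conn` lines in the format quoted above, listing each RFC 1918 destination on UDP/138 that lies outside the organization's own address space and how many distinct inside hosts are trying to reach it. The function names, the `10.0.0.0/8` internal range and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Line shape taken from the "show conn" snippet in the post:
#   UDP out <outside_ip>:<port> in <inside_ip>:<port>
CONN_RE = re.compile(
    r"^(?P<proto>UDP|TCP)\s+out\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)"
    r"\s+in\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+)")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def stray_private_destinations(lines, internal_nets=(), port=138):
    """Map each private destination NOT in internal_nets to the set of
    inside hosts with a UDP connection to it on the given port."""
    internal = [ipaddress.ip_network(n) for n in internal_nets]
    hits = defaultdict(set)
    for line in lines:
        m = CONN_RE.match(line.strip())
        if not m or m["proto"] != "UDP" or int(m["out_port"]) != port:
            continue  # unparseable line, other protocol, or other port
        try:
            dst = ipaddress.ip_address(m["out_ip"])
            src = ipaddress.ip_address(m["in_ip"])
        except ValueError:
            continue  # matched the regex but is not a valid IPv4 address
        if not any(dst in n for n in RFC1918):
            continue  # publicly routable destination, not of interest here
        if any(dst in n for n in internal):
            continue  # private space the organization really uses
        hits[str(dst)].add(str(src))  # set collapses repeated entries
    return dict(hits)

def report(hits):
    """Destinations ordered by number of distinct inside hosts, descending."""
    rows = sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(dst, len(srcs)) for dst, srcs in rows]

# Constructed sample in the post's format (not real capture data).
SAMPLE = """\
UDP out 192.168.19.100:138 in 1.2.5.108:138
UDP out 192.168.19.100:138 in 3.6.26.99:138
UDP out 192.168.19.100:138 in 3.6.26.99:138
UDP out 192.168.2.15:138 in 3.6.4.66:138
UDP out 10.1.1.5:138 in 3.6.4.66:138
TCP out 198.51.100.7:80 in 3.6.4.66:1042
not a connection line
""".splitlines()

if __name__ == "__main__":
    found = stray_private_destinations(SAMPLE, internal_nets=["10.0.0.0/8"])
    for dst, count in report(found):
        print(f"{dst}\t{count} inside host(s)")
```

Grouping by destination makes it easy to see whether many unrelated inside hosts share the same small set of stray targets, which is the pattern described in the post.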