|
Posted by Maxime Ducharme on March 18, 2005, 9:55 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Another important point
A server that sends a packet to itself wont
use network media (i.e. cable) to send the
packet since it is local.
If the IDS isnt on the same machine, it should not
see these packets, so these are likely to come from
somewhere else.
It can be Internet, or another server. Try to capture
the MAC address and see if it is your router or a server.
Good luck :)
Maxime Ducharme
Programmeur / Spécialiste en sécurité réseau
> Hi, we have a couple of servers on our network that are sending UDP
> packets port 137 and 138, NetBIOS, to themselves. The source IP and
> destination IP is the same and they show up in our IDS as 'impossible
> ip packets', I'm wondering if you think something on these servers
> might have been miss configured at one time. They're Windows 2003
> servers, one is our PDC and the other is a DHCP server. Thank you for
> any help you may give.
>
>
>
> Rossella Mariotti-Jones
>
> Network Analyst, CCNA
>
> Chemeketa Community College / IT
>
> T 503 589 7775
>
> F 503 399 4898
>
> E rossella@chemeketa.edu
>
> www.chemeketa.edu
>
| 
XML site map