Re: Why is win2000 broadcasting?
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/18/04
- Next message: Lanwench [MVP - Exchange]: "Re: Determining FQDN for Workgroup Machine"
- Previous message: Zapanas: "Re: FTP Problems"
- In reply to: Thomas Scheiderich: "Re: Why is win2000 broadcasting?"
- Next in thread: Thomas Scheiderich: "Re: Why is win2000 broadcasting?"
- Reply: Thomas Scheiderich: "Re: Why is win2000 broadcasting?"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 18 Aug 2004 01:29:19 GMT
Maybe the machine that is sending out the broadcasts is the browse master. Nbtstat -n
would show if it is. --- Steve
"Thomas Scheiderich" <tfs@deltanet.com> wrote in message
news:10i3416fhj4gg05@corp.supernews.com...
>
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> news:fcfUc.265540$a24.205687@attbi_s03...
>> This can be entirely normal on a network, particularly if there are shared printers
>> and mapped drives. A virus or worm usually will flood your network with
>> thousands of packets per minute, often trying to access random IP addresses on the
>> network for IP addresses that do not even exist, with port 135 being a favorite attack
>> port. I would enable auditing of logon events and look in the security log for failed
>> logon attempts on the Windows computers. A lot of failed logons could indicate a
>> problem with a worm or a hack. Zone alarm should tell the application/process that is
>> trying for network access.
>>
>> http://support.microsoft.com/default.aspx?scid=KB;en-us;q300958 -- basic auditing.
>>
>> I would also suggest that you scan your computer for viruses and worms using virus
>> definitions current as of today from your vendor's website. Parasites can also cause
>> unexplained network activity. Parasites are not usually considered destructive and
>> will not be detected by a virus scan program. AdAware is a great free program to
>> detect and remove parasites and spyware. Be sure to update it before scanning, which
>> you can do when you first open the program, and delete your cookies and temporary
>> internet files so that they will not clutter up AdAware's "found" screen with minor
>> issues. --- Steve
>
> I have done all of this already and I agree that a virus will probably do
> more than just a few accesses to some of my machines.
>
> In my case, there is nothing else being done. I have zone alarm on one
> machine and nothing is being done on any of the machines. But my machine
> just starts doing a broadcast, for some reason, and if the Mac is on the
> network, it seems to answer and there are a few packets sent back and forth.
> If the Mac is turned off, another machine will answer.
>
> I am just trying to figure out why this is happening.
>
> Thanks,
>
> Tom.
>>
>> http://www.lavasoftusa.com/software/adaware/
>>
>> "Thomas Scheiderich" <tfs@deltanet.com> wrote in message
>> news:10i2pbenmn8f1bc@corp.supernews.com...
>> > I am trying to figure out what is happening on my system. I am looking to
>> > see if I have a virus on my system and have zonealarm telling me that there
>> > is some talking going on and I am trying to make sure it is all kosher.
>> >
>> > I periodically have my Win2000 sending broadcasts and one of my machines
>> > will answer and then send a bunch of packets back and forth.
>> >
>> > What I am getting is something like this - Trilobyte is my W2k Pro machine
>> > and my wife's Mac will answer. If the Mac is off, another machine will
>> > answer.
>> >
>> > Here are the approximate packet requests (translated by my Observer program):
>> >
>> > Trilobyte -> broadcast NetBios Name Service (Q)uery request -- UDP (137->137)
>> > Mac->Trilobyte NetBios Name Service (Q)uery response -- UDP (137->137)
>> > Trilobyte-Broadcast Arp Request (192.168.122.7 -> 192.168.122.44) -- 802.2LLC [information poll on] S=0,R=0
>> > Mac-Broadcast Arp Reply (192.168.122.44 -> 192.168.122.7) -- 802.2LLC [information poll on] S=0,R=0
>> > Trilobyte-Broadcast SMB_COM_TRANSACTION_REQUEST NetBios Datagram Service Direct Group Datagram
>> >
>> > It then does a couple more NetBios packets (Query requests and Transaction
>> > requests)
>> >
>> > Then it stops and does it again a little while later.
>> >
>> > Why would it be doing this?
>> >
>> > Thanks,
>> >
>> > Tom
>> >
>> >
>>
>>
>
>
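The `nbtstat -n` check suggested at the top of this message, as an added example that is not part of the original posts: a master browser registers the workgroup name with suffix `<1D>` (UNIQUE) and the `..__MSBROWSE__.` group name with suffix `<01>`, so a parser can confirm the benign explanation for the periodic broadcasts. The sample output is constructed; the workgroup name WORKGROUP and the adapter names are assumptions.

```python
import re

# Constructed sample of `nbtstat -n` output. WORKGROUP and the adapter names are
# assumptions; TRILOBYTE and 192.168.122.7 come from the thread.
SAMPLE = """\
Local Area Connection:
Node IpAddress: [192.168.122.7] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    TRILOBYTE      <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    TRILOBYTE      <20>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered
    WORKGROUP      <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered

Dial-up Adapter:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache
"""

ADAPTER = re.compile(r"^(\S.*):\s*$")   # unindented line ending in a colon
ROW = re.compile(r"^\s+(\S.{0,14}?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)\s*$")

def browser_roles(text):
    """Map each adapter to the browser-related NetBIOS names it has registered."""
    roles, current = {}, None
    for line in text.splitlines():
        if (m := ADAPTER.match(line)):
            current = m.group(1)
            roles[current] = {"master_for": [], "candidate_for": [], "msbrowse": False}
        elif current and (m := ROW.match(line)) and m.group(4) == "Registered":
            name, suffix, kind = m.group(1), m.group(2).upper(), m.group(3)
            entry = roles[current]
            if (suffix, kind) == ("1D", "UNIQUE"):      # master browser for this workgroup
                entry["master_for"].append(name)
            elif (suffix, kind) == ("1E", "GROUP"):     # takes part in browser elections
                entry["candidate_for"].append(name)
            elif (suffix, kind) == ("01", "GROUP") and "__MSBROWSE__" in name:
                entry["msbrowse"] = True                # announces to other master browsers
    return roles

def is_browse_master(text):
    """True if any adapter holds both the <1D> name and the __MSBROWSE__ <01> name."""
    return any(r["master_for"] and r["msbrowse"] for r in browser_roles(text).values())
```

A host that shows only the `<1E>` entry takes part in browser elections but is not the current master, so it would not be the source of the periodic browse announcements.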