i see an impossible ip packet alert being triggered on the cisco ips sensors. the traffic is from and to one of the domain controllers on udp port 138. this may be indicative of land attack but it is happening on a couple of servers. also, the servers are properly patched and nothing malacious was detected on the servers. the other servers are not DCs.
does anyone know more about this?