I am working on an issue involving the NAT tables flooding on a router and I am seeing the IP address 126.96.36.199 showing up everywhere. It is always the destination address for a connection on TCP 137 or 139. The machines connecting to this address are servers.
Some people have suggested that these machines are infected with malware or the like. Fine, but I scanned the servers in question to make sure that is not the case. If you Google around, you will see it shows up in many logs and whatnot. In fact, it is referenced in several EE cases, but it is never explained.
I also went to one of the servers in question and cannot find any of these connections in the netstat results. Is this something to be ignored, something indicating configuration issues, or something indicating viral/mal issues?