F-Secure reports it's receiving TCP 139 with source and destination address equal to the VLAN interface broadcast address. Any ideas of what can be causing this?

We quite often receive alarms from F-Secure FW saying it's blocking malicious traffic on TCP 137 from source address VLAN/subnet broadcast address (10.140.XXX.255) as both source and destination address.
Does anybody know what can be the reason for this and how to find the source?
Ziggino Asked:
harbor235 Commented:


Odd, could be an attack. Track down the source MAC address to see what switch port this system is connected to. I would have a closer look at this system.


harbor235 ;}
0
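One way to get the source MAC address that the answer above suggests tracing, as an added example that is not part of the original thread: it parses raw Ethernet frames (for instance exported from a capture on the alerting host) and counts, per source MAC, the TCP 137/139 packets whose source and destination are both the subnet broadcast address. The subnet, MAC addresses and frames below are constructed sample data, and `build_frame` is a hypothetical helper used only to create them.

```python
import ipaddress
import struct
from collections import Counter

NETBIOS_PORTS = {137, 139}  # the two ports named in the question

def suspicious_source_mac(frame, subnet):
    """Return the source MAC if the frame is TCP to a NetBIOS port with the
    subnet broadcast address as both IPv4 source and destination, else None."""
    if len(frame) < 14:
        return None
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:  # 802.1Q VLAN tag present
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800 or len(frame) < offset + 20:  # not IPv4 or truncated
        return None
    ip = frame[offset:]
    ihl = (ip[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF  # later fragments carry no TCP header
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or frag_offset or len(ip) < ihl + 4:
        return None
    src, dst = ipaddress.IPv4Address(ip[12:16]), ipaddress.IPv4Address(ip[16:20])
    dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
    bcast = subnet.broadcast_address
    if src == bcast and dst == bcast and dport in NETBIOS_PORTS:
        return frame[6:12].hex(":")
    return None

def tally(frames, subnet):
    """Count matching frames per source MAC; that MAC is what to look up on the switches."""
    return Counter(m for f in frames if (m := suspicious_source_mac(f, subnet)))

def build_frame(src_mac, src_ip, dst_ip, dport, vlan=None):
    """Hypothetical helper: build a minimal Ethernet/IPv4/TCP SYN frame (checksums left zero)."""
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex(src_mac.replace(":", ""))
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan)
    eth += struct.pack("!H", 0x0800)
    iphdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                        ipaddress.IPv4Address(src_ip).packed,
                        ipaddress.IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + iphdr + tcp

SUBNET = ipaddress.ip_network("192.0.2.0/24")  # constructed; use the affected VLAN's subnet
SAMPLE = [  # constructed frames, not captured traffic
    build_frame("02:00:00:00:00:0a", "192.0.2.255", "192.0.2.255", 137),
    build_frame("02:00:00:00:00:0a", "192.0.2.255", "192.0.2.255", 139, vlan=140),
    build_frame("02:00:00:00:00:0b", "192.0.2.17", "192.0.2.255", 137),  # ordinary source
    build_frame("02:00:00:00:00:0c", "192.0.2.255", "192.0.2.255", 80),  # other port
]
print(tally(SAMPLE, SUBNET))
```

The MAC address it reports is the value to search for in each switch's MAC address table to find the port, as the answer describes.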