F-Secure reports it's receiving TCP 139 with source and destination address equal to the VLAN interface broadcast address. Any ideas of what can be causing this?

We quite often receive alarms from F-Secure FW saying it's blocking malicious traffic on TCP 137 with the VLAN/subnet broadcast address (10.140.XXX.255) as both source and destination address.
Does anybody know what can be the reason for this and how to find the source?

harbor235 commented:

Odd, could be an attack. Track down the source MAC address to see what switch port this system is connected to. I would have a closer look at this system.

harbor235 ;}
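One way to get the source MAC address from a packet capture taken on the affected VLAN, as an added example that is not part of the original thread: it scans raw Ethernet frames for TCP packets whose IPv4 source is the subnet broadcast address and counts them per source MAC, which can then be looked up in the switch's MAC address table. The subnet 192.0.2.0/24, the MAC addresses and the frames are constructed sample data, and `build_frame` and `broadcast_sourced` are hypothetical helper names.

```python
import ipaddress
import struct
from collections import Counter

def build_frame(src_mac, src_ip, dst_ip, dport):
    """Constructed Ethernet/IPv4/TCP SYN frame (sample data, not a real capture)."""
    eth = bytes.fromhex("ffffffffffff" + src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

def broadcast_sourced(frames, subnet):
    """Count (source MAC, TCP dst port) for frames whose IPv4 source is the subnet broadcast."""
    bcast = ipaddress.ip_network(subnet).broadcast_address
    hits = Counter()
    for f in frames:
        off = 12
        if f[off:off + 2] == b"\x81\x00":      # step over a single 802.1Q VLAN tag
            off += 4
        if f[off:off + 2] != b"\x08\x00":      # not IPv4
            continue
        ip = f[off + 2:]
        if len(ip) < 20 or ip[0] >> 4 != 4:
            continue
        ihl = (ip[0] & 0x0F) * 4               # IPv4 header length in bytes
        if ihl < 20 or ip[9] != 6 or len(ip) < ihl + 4:   # malformed or not TCP
            continue
        if ipaddress.IPv4Address(ip[12:16]) != bcast:     # normal unicast source
            continue
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        mac = ":".join(f"{b:02x}" for b in f[6:12])       # Ethernet source MAC
        hits[(mac, dport)] += 1
    return hits

# Constructed sample: three frames with a broadcast source, one ordinary frame.
SAMPLE = [
    build_frame("02:00:00:aa:bb:01", "192.0.2.255", "192.0.2.255", 139),
    build_frame("02:00:00:aa:bb:01", "192.0.2.255", "192.0.2.255", 139),
    build_frame("02:00:00:aa:bb:01", "192.0.2.255", "192.0.2.255", 137),
    build_frame("02:00:00:cc:dd:02", "192.0.2.10", "192.0.2.20", 139),
]

if __name__ == "__main__":
    for (mac, port), n in broadcast_sourced(SAMPLE, "192.0.2.0/24").items():
        print(f"{mac} sent {n} frame(s) to tcp/{port} with a broadcast source IP")
```

The Ethernet source MAC is only as trustworthy as the sender, so confirm the result against the switch's MAC address table for that VLAN before acting on a port.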