  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1247
  • Last Modified:

F-Secure reports it's receiving tcp 139 with source and destination address equal to the VLAN interface broadcast address. Any ideas of what can be causing this?

We quite often receive alarms from the F-Secure FW saying it's blocking malicious traffic on tcp 137 with the VLAN/subnet broadcast address (10.140.XXX.255) as both source and destination address.
Does anybody know what can be the reason for this and how to find the source?
Asked by: Ziggino
1 Solution
 
harbor235 commented:


Odd, could be an attack. Track down the source MAC address to see what switch port this system is connected to. I would have a closer look at this system.


harbor235 ;}
0
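One way to do the MAC tracking suggested in the answer above, shown as an added example that is not part of the original thread: capture on the affected VLAN with link-level headers (`tcpdump -e -n`) and list the source MACs of frames whose source IP is the subnet broadcast address. The capture lines, MAC addresses, the function name `broadcast_source_macs` and the subnet 10.140.5.0/24 (standing in for the redacted 10.140.XXX network) are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `tcpdump -e -n` output; all MACs and addresses are made up.
# 10.140.5.0/24 is an assumed stand-in for the redacted VLAN subnet.
SAMPLE = """\
12:00:01.100001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 74: 10.140.5.255.137 > 10.140.5.255.137: Flags [S], seq 1, win 8192, length 0
12:00:01.200002 00:aa:bb:cc:dd:01 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 10.140.5.23.137 > 10.140.5.255.137: UDP, length 50
12:00:02.300003 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 74: 10.140.5.255.139 > 10.140.5.255.139: Flags [S], seq 1, win 8192, length 0
12:00:03.400004 00:aa:bb:cc:dd:02 > 00:aa:bb:cc:dd:03, ethertype IPv4 (0x0800), length 74: 10.140.5.40.51000 > 10.140.5.10.445: Flags [S], seq 7, win 8192, length 0
"""

# Source MAC, then "srcip.port > dstip.port:" from the IPv4 part of the line.
LINE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > [0-9a-f:]{17}, ethertype IPv4 .*?: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def broadcast_source_macs(capture_text, subnet):
    """Map source MAC -> frame count and destination ports for frames
    whose source IP is the broadcast address of `subnet`."""
    bcast = str(ipaddress.ip_network(subnet).broadcast_address)
    found = defaultdict(lambda: {"frames": 0, "dports": set()})
    for line in capture_text.splitlines():
        m = LINE.match(line)
        # A broadcast address is never a valid source IP, so the IP header
        # says nothing about the sender; only the layer-2 source MAC does.
        if m and m["sip"] == bcast:
            found[m["smac"]]["frames"] += 1
            found[m["smac"]]["dports"].add(int(m["dport"]))
    return {
        mac: {"frames": v["frames"], "dports": sorted(v["dports"])}
        for mac, v in found.items()
    }


if __name__ == "__main__":
    for mac, info in broadcast_source_macs(SAMPLE, "10.140.5.0/24").items():
        print(mac, info)
```

Each MAC it reports can then be looked up in the switches' MAC address tables to find the port the system is connected to.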
