F-Secure reports its receiving tcp 139 with source and destination address equal vlan interface brodacast address. Any ideas of what can causing this?

We quite often receive alarms from F-Secure FW saying its blocking malicious traffic on tcp 137 from source address VLAN/subnet broadcast address. (10.140.XXX.255)  as both source and destination address.
Does anybody know what can be the reason for this and how to find the source?
ZigginoAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
harbor235Connect With a Mentor Commented:


Odd, could be an attack, track down the source mac-address to see what switch port this system is connected to. i would have a clser look at this system


harbor235 ;}
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.