I was solving a networking problem on an isolated test network with tcpdump and am seeing very suspcious-looking Net BIOS name requests for domains entirely unrelated to me. There's one Windows XP machine, recently switched on, which is sending them.
These are the names
HEROLADAAW.BIZOutput from tcpdump -vvv shows they're all of this form:
It's the only Windows machine on the network; there's no Samba; there's no route out.
>>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
Name=RULESSELUR.COM NameType=0x00 (Workstation)
EDIT: Run for about an hour, list of names now