Dear All
I was solving a networking problem on an isolated test network with tcpdump and am seeing very suspicious-looking NetBIOS name requests for domains entirely unrelated to me. There's one Windows XP machine, recently switched on, which is sending them.
These are the names:
HEROLADAAW.BIZ
MUSI-C-LIPS.COM
REPKAMOUSE.NET
RULESSELUR.COM
Output from tcpdump -vvv shows they're all of this form:
Code:
>>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
TrnID=0x8D25
OpCode=0
NmFlags=0x11
Rcode=0
QueryCount=1
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
QuestionRecords:
Name=RULESSELUR.COM NameType=0x00 (Workstation)
QuestionType=0x20
QuestionClass=0x1
It's the only Windows machine on the network; there's no Samba; there's no route out.
Opinions welcomed.
Many thanks,
Jonathan.
EDIT: Run for about an hour, list of names now
GAMEVID.COM
HEROLADAAW.BIZ
MUSI-C-LIPS.COM
REPKAMOUSE.NET
RULESSELUR.COM
SPORT-TUBE.COM
SR4.ZAPSERV.COM
SU3.MCAFEE.COM
TUBEFASTER.COM
VOLKAHATAB.CC
WWW.GOOGLE.COM
WWW.MADRIX.COM
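For anyone triaging a capture like the one in this post, the following added example (not part of the original post) decodes NetBIOS name service queries from raw UDP/137 payloads and lists the broadcast names that look like DNS hostnames. The sample packets are constructed from the header values in the tcpdump output above; `FILESRV01`, the function names and the "contains a dot" heuristic are assumptions made for illustration.

```python
import struct

def encode_nb_name(name, suffix=0x00):
    """RFC 1002 first-level encoding: 15 padded chars + type byte, one letter per nibble."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return bytes(0x41 + n for c in raw for n in (c >> 4, c & 0x0F))

def build_query(trn_id, name):
    """Constructed sample packet with the header values shown in the tcpdump output."""
    header = struct.pack(">6H", trn_id, 0x0110, 1, 0, 0, 0)  # NmFlags 0x11: RD + broadcast
    return header + b"\x20" + encode_nb_name(name) + b"\x00" + struct.pack(">2H", 0x20, 1)

def parse_query(payload):
    """Decode a UDP/137 payload; return None unless it is a single name query request."""
    if len(payload) < 50:
        return None
    trn_id, flags, qd, _an, _ns, _ar = struct.unpack(">6H", payload[:12])
    is_response, opcode = flags >> 15, (flags >> 11) & 0xF
    # Only the empty-scope form is handled: 0x20 length byte, 32 letters, 0x00 terminator.
    if is_response or opcode != 0 or qd != 1 or payload[12] != 0x20 or payload[45] != 0:
        return None
    enc = payload[13:45]
    if any(not 0x41 <= b <= 0x50 for b in enc):
        return None
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    qtype, qclass = struct.unpack(">2H", payload[46:50])
    return {
        "trn_id": trn_id,
        "nm_flags": (flags >> 4) & 0x7F,
        "name": raw[:15].decode("ascii", "replace").rstrip(),
        "name_type": raw[15],
        "qtype": qtype,
        "qclass": qclass,
    }

def dns_style_names(payloads):
    """Heuristic (assumption): a dot in the name suggests a DNS hostname, not a machine name."""
    names = set()
    for p in payloads:
        q = parse_query(p)
        if q and q["nm_flags"] & 0x01 and "." in q["name"]:
            names.add(q["name"])
    return sorted(names)

if __name__ == "__main__":
    sample = [build_query(0x8D25, "RULESSELUR.COM"), build_query(0x8D26, "FILESRV01"),
              build_query(0x8D27, "RULESSELUR.COM"), b"\x00" * 20]
    for p in sample:
        print(parse_query(p))
    print(dns_style_names(sample))
```

The payloads would come from whatever exports the UDP data of the capture; that extraction step is outside this example.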