Looking at network traffic with a sniffer, I see that many of the computers on my LAN are methodically and repeatedly establishing and closing NBT sessions with the IPC$ of computers on other LAN’s on our shared WAN. One consultant told me he hadn’theard of this before and thought we might have a worm — another security expert told me it was expected Windows behavior.
Where can I go to learn what is happening and why? We are running a Windows NT 4.0 domain, with NT workstations and a scattering of 95 & 2000 porfessional workstations.