General discussion

Locked

New sightings on our network

By sgrady ·
Hi folks, I just recently joined Tech Republic, but since I'm seeing some new things on our network, I thought I'd jump on in and ask your advice.
While watching Ethereal Thursday, I saw Nbstat requests going out of my station to, seemingly, random computers on our system (we have about 800), but I cannot find Nbstat on my computer. I opened a program called Advanced Administrative Tools (G-Lock Software) to their network monitor and saw an unusual address I hadn't seen before with an established connection, that disappeared after about 5 seconds. I checked running processes and saw two instances of cmd.exe running. Every time I open the AA Tools program now, there is that address with a "syn" attached to AATools, then it goes away. When I boot, there will be two "cmd.exe" running. I'm convinced there is a script running somewhere, but I don't know how to track it down. Any suggestions?

Sean O Grady
EBCI/IT

This conversation is currently closed to new comments.

0 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Back to Security Forum
0 total posts (Page 1 of 1)  

Related Discussions

Related Forums