Strange Network Traffic:

I am not sure if the is the right forum or not, but i know you linux
guys are smart so i'll ask you... I have been monitoring some strange
traffic on our network. We have a couple of computers that even when
idle are creating a lot of traffic. for one of these computers, we
did a clean install of the os, put a new network card and turned it
back on, and we had the same issue. also we are getting some strange
outbound traffic on our router. how can we find out what is going on?
what is the next step? Here is some of the router log... Thanks in
advance, Cal

Outgoing log table
Oct 7 18:18:02 2004 Connection Refused - Policy violation TCP
192.168.1.63:3394->192.174.0.137:445 on ixp1
Oct 8 12:18:07 2004 Connection Refused - Policy violation TCP
192.168.1.63:4218->192.175.164.245:445 on ixp1
Oct 8 12:18:07 2004 Connection Refused - Policy violation TCP
192.168.1.63:4219->192.175.164.246:445 on ixp1
Oct 8 12:18:07 2004 Connection Refused - Policy violation TCP
192.168.1.63:4220->192.175.164.247:445 on ixp1
Oct 8 12:18:07 2004 Connection Refused - Policy violation TCP
192.168.1.63:4221->192.175.164.248:445 on ixp1
Oct 8 12:18:07 2004 Connection Refused - Policy violation TCP
192.168.1.63:4420->192.175.164.249:445 on ixp1
Oct 8 20:18:24 2004 Connection Refused - Policy violation TCP
192.168.1.63:4150->192.188.34.243:445 on ixp1
Oct 8 20:18:24 2004 Connection Refused - Policy violation TCP
192.168.1.63:4151->192.188.34.244:445 on ixp1
Oct 9 22:22:20 2004 Connection Refused - Policy violation TCP
192.168.1.48:4735->192.171.80.86:445 on ixp1
Oct 9 22:22:20 2004 Connection Refused - Policy violation TCP
192.168.1.48:4736->192.171.80.87:445 on ixp1
Oct 9 22:22:20 2004 Connection Refused - Policy violation TCP
192.168.1.48:4737->192.171.80.88:445 on ixp1
Oct 10 08:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2060->192.169.56.145:445 on ixp1
Oct 10 08:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2061->192.169.56.146:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2128->192.172.83.86:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2129->192.172.88.27:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2130->192.172.88.28:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2131->192.172.88.29:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2132->192.172.83.87:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2133->192.172.88.30:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2134->192.172.88.31:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2135->192.172.88.32:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2136->192.172.83.88:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2137->192.172.83.89:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2138->192.172.88.33:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2139->192.172.83.90:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2140->192.172.88.34:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2141->192.172.83.91:445 on ixp1
Oct 10 10:22:22 2004 Connection Refused - Policy violation TCP
192.168.1.63:2142->192.172.83.92:445 on ixp1

Incoming log table

Oct 7 18:18:01 2004 Connection Refused - Policy violation UDP
169.254.101.126:137->169.254.255.255:137 on ixp0
Oct 7 18:18:01 2004 Connection Refused - Policy violation UDP
169.254.26.252:137->169.254.255.255:137 on ixp0
Oct 7 18:18:01 2004 Connection Refused - Policy violation TCP
192.168.1.63:3317->192.173.244.253:445 on ixp0
Oct 7 18:18:01 2004 Connection Refused - Policy violation TCP
192.168.1.63:3318->192.174.0.98:445 on ixp0
Oct 7 20:18:03 2004 Connection Refused - Policy violation IGMP
169.254.158.199->224.0.0.251 on ixp0
Oct 7 20:18:03 2004 Connection Refused - Policy violation TCP
192.168.1.63:1673->192.177.20.132:445 on ixp0
Oct 7 20:18:03 2004 Connection Refused - Policy violation TCP
192.168.1.63:1674->192.177.31.234:445 on ixp0
Oct 8 00:18:04 2004 Connection Refused - Policy violation TCP
192.168.1.56:32260->211.171.252.75:80 on ixp0
Oct 8 06:18:06 2004 Connection Refused - Policy violation UDP
192.168.1.8:10260->255.255.255.255:10260 on ixp0
Oct 8 12:18:07 2004 Connection Refused - Policy violation TCP
192.168.1.63:4102->192.175.164.241:445 on ixp0
Oct 8 12:18:07 2004 Connection Refused - Policy violation TCP
192.168.1.63:4213->192.175.164.242:445 on ixp0
Oct 8 12:18:07 2004 Connection Refused - Policy violation TCP
192.168.1.63:4214->192.175.164.243:445 on ixp0
Oct 8 12:18:07 2004 Connection Refused - Policy violation TCP
192.168.1.63:4215->192.175.164.244:445 on ixp0
Oct 8 16:18:08 2004 Connection Refused - Policy violation TCP
192.168.1.63:2753->192.181.228.2:445 on ixp0
Oct 8 20:18:24 2004 Connection Refused - Policy violation TCP
192.168.1.63:4116->192.188.34.241:445 on ixp0
Oct 8 20:18:24 2004 Connection Refused - Policy violation TCP
192.168.1.63:4117->192.188.34.242:445 on ixp0
Oct 8 21:54:53 2004 Connection Refused - Policy violation TCP
192.168.1.63:3674->199.216.211.38:20480 on ixp0
Oct 8 21:54:53 2004 Connection Refused - Policy violation TCP
192.168.1.63:3675->199.216.211.38:20480 on ixp0
Oct 8 21:54:53 2004 Connection Refused - Policy violation TCP
192.168.1.63:3676->199.216.211.38:20480 on ixp0

Rules

Priority Enable Action Service Source Interface Source Destination
Time Day Delete
Allow All Traffic [0] LAN Any Any Always
Deny All Traffic [0] WAN1 Any Any Always
Deny All Traffic [0] WAN2 Any Any Always
Deny All Traffic [0] DMZ Any 192.168.1.0 ~ 192.168.1.255 Always
Allow All Traffic [0] DMZ Any Any Always

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

In comp.os.linux.networking Calvin <(E-Mail Removed)>:
> I am not sure if the is the right forum or not, but i know you linux
> guys are smart so i'll ask you... I have been monitoring some strange
> traffic on our network. We have a couple of computers that even when
> idle are creating a lot of traffic. for one of these computers, we
> did a clean install of the os, put a new network card and turned it
> back on, and we had the same issue. also we are getting some strange
> outbound traffic on our router. how can we find out what is going on?
> what is the next step? Here is some of the router log... Thanks in
> advance, Cal

> Outgoing log table
> Oct 7 18:18:02 2004 Connection Refused - Policy violation TCP
> 192.168.1.63:3394->192.174.0.137:445 on ixp1


> Incoming log table

> Oct 7 18:18:01 2004 Connection Refused - Policy violation UDP
> 169.254.101.126:137->169.254.255.255:137 on ixp0
> Oct 7 18:18:01 2004 Connection Refused - Policy violation UDP
> 169.254.26.252:137->169.254.255.255:137 on ixp0

Yup, M$ boxes tend to be quite chatty, the usual netbios-ns and
microsoft-ds crap you'll see any day if you log way to much,
nothing I'd worry about. Simply unplug all M$ boxes from your LAN
as next step if you don't like it.

Good luck

BTW
There doesn't seem to be a single Linux system involved.

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBbEAMAkPEju3Se5QRAs+UAJ929A98lH1AhwCcFVODX5 vX8ONKgwCgjE9E
U0hwfGvI8++/bEJu03N34tw=
=L4r7
-----END PGP SIGNATURE-----