Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 1830 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OS X boxes showing drops to DoD 7.80.0.49:139/445

GetParanoid
A good number of Snow Leopard and Mavericks boxes are appearing in the firewall log showing a constant slew of drops to 7.80.0.49:139/445. This number traces to DoD (Department of Defense).

I see nothing on any of these stations attempting to initiate this connection. None of the Windows boxes are exhibiting this behavior.

Googling yields almost nothing. I find this rather odd. I know DoD farms out IPs to telcos but these are desktops, and I would think someone would have questioned this on the intertubes at some point. Am I the only one seeing this?

Thoughts? How can I investigate this further? Should I?


This thread was automatically locked due to age.
Parents
  • 0
    2015:03:30-17:47:21 nunya-1 ulogd[17683]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:0n:0u:0n:0y:0a" dstmac="00:0n:0u:0n:0y:0a" srcip="***.***.***.***" dstip="7.80.0.49" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53452" dstport="139" tcpflags="SYN"
Reply
  • 0
    2015:03:30-17:47:21 nunya-1 ulogd[17683]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:0n:0u:0n:0y:0a" dstmac="00:0n:0u:0n:0y:0a" srcip="***.***.***.***" dstip="7.80.0.49" proto="6" length="64" tos="0x00" prec="0x00" ttl="63" srcport="53452" dstport="139" tcpflags="SYN"
Children
No Data