I have been looking at packets on my network a lot lately and I found out some crazy things. One is that most of the laptops sold today come with a Windows/OS X BIOS-loading trojan called Computrace, LoJack. It has the purported intention of tracking stolen laptops but is easily exploited into a very persistent trojan that can load into Windows/OS X and now Linux too. Suffice it to say I trust nothing but the wire and a USB-booted laptop to further analyze what all this stuff is on my network.

OK, so, one of these laptops runs Windows 7 and def has the rpcnet.exe LoJack software, as I have seen it contacting Absolute Software here and there. The laptop is not stolen, so I wonder why on earth it does that. Anyway, it also exhibits the following behavior upon waking from hibernation. Please see the screenshot. Any idea why it would look up random NB names?

Any and all expertise is appreciated. Considering going out to Stanford for the Sharkfest.

asked 03 Jun '12, 13:07 pluribus
One Answer:
Kindly disable NetBIOS over TCP/IP on your LAN connections. You won't see any NBNS broadcast.

answered 07 Jun '12, 22:29 bluebird77
I may have answered my own question from the LLMNR RFC.
Seems random lookups are part of the spec. Any experts welcome to chime in.
http://www.ietf.org/rfc/rfc4795.txt
Maybe somebody else can shark the wire with windows 7 and let me know?
Thanks,
P
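To see exactly which names a host is asking for in a capture like the one discussed above, the question section of an NBNS query can be decoded by hand. This is an added example, not part of the original thread: the sample packet and the name QXKJZPWMTL are constructed, and the function names are hypothetical.

```python
import struct

def encode_nb_name(name, suffix=0x00):
    """RFC 1001 first-level encoding; used here only to build the sample."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return bytes(b for c in raw for b in ((c >> 4) + 0x41, (c & 0x0F) + 0x41))

def decode_nb_name(encoded):
    """Turn the 32-byte on-wire form back into (name, suffix byte)."""
    if len(encoded) != 32 or any(not 0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def parse_nbns_query(payload):
    """Parse the first question of an NBNS query (UDP/137 payload)."""
    if len(payload) < 50:                      # 12 header + 34 name + 4 type/class
        raise ValueError("truncated NBNS packet")
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:          # R bit set means a response
        raise ValueError("not an NBNS query")
    if payload[12] != 0x20:                    # encoded name label is 32 bytes
        raise ValueError("unexpected name length byte")
    name, suffix = decode_nb_name(payload[13:45])
    pos = 45
    while pos < len(payload) and payload[pos] != 0:   # skip optional scope labels
        pos += 1 + payload[pos]
    if pos + 5 > len(payload):
        raise ValueError("truncated question section")
    qtype, _qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return {"txid": txid, "broadcast": bool(flags & 0x0010),
            "name": name, "suffix": suffix, "qtype": qtype}

# Constructed sample: a broadcast name query for the made-up name QXKJZPWMTL.
SAMPLE = (struct.pack("!HHHHHH", 0x8A3F, 0x0110, 1, 0, 0, 0)
          + b"\x20" + encode_nb_name("QXKJZPWMTL") + b"\x00"
          + struct.pack("!HH", 0x0020, 0x0001))

if __name__ == "__main__":
    print(parse_nbns_query(SAMPLE))
```

Feeding it the UDP payloads of port 137 packets from a capture lists the queried names, which makes it easy to compare them against hostnames that actually exist on the LAN.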
"Any and all expertise is appreciated. Considering going out to Stanford for the Sharkfest."
I wouldn't go to Stanford if I were you...
... we're having Sharkfest in Berkeley this year ;-)
As displayed here: SharkFest '12
Whoops, my mistake. Brain switch.