Traffic from Computers that are Powered off 1

Giganews Newsgroups
Subject: Traffic from Computers that are Powered off 1
Posted by:  Mourad (Mour…@discussions.microsoft.com)
Date: Thu, 8 Feb 2007

I am an IT manager of a small company. We have a local domain server
(Win2003, Exchange) on which we have ISA 2004 installed.
Employees leave at 5:00pm and switch off their computers.
The last few days, I have been looking at the ISA logs, and I noticed that
there was traffic between some computers (on the internal network; and they
are off !) and the server. This could be some weird worm/trojan that spoofs
the IPs but I tried all kinds of anti-virus and I can't find anything. The
protocols I see in the logs are mostly RPC, Microsoft CIFS (TCP), and
NetBios.
I can't see the raw IP header in the logs (which is another question I have
even though I configured ISA to log this as well)
Any ideas what that might be ?

Replies