I’m looking for some help figuring out a problem where computers on the 10.10.1.x - 10.10.2.x subnets are sending about a million netbios name requests per day to 10.10.3.255. We do not have a 10.10.3.x subnet on our network. Our firewall blocks these packets and logs it. I cannot figure out why they would be sent to 10.10.3.255.
Some of the hosts it is sending a name request for no longer exist on our network though a few do exist. Below is an example of the captured packets.
Any ideas on what is causing this? It is a lot of traffic, the firewall shows about 980k blocked items each day, most are these netbios requests. The firewall is Barracuda x300 if that helps, we have a Windows AD domain.
Thanks in advance,