Hello, can somebody explain properly about a sync attack? Could it look like lots of OUTbound traffic UDP 137 many times to many different addersses and several times the same couple and all as SYNC in netstat? I'm talking about over 100 at a time (not sure in which time period) all probably kept open for the goal. Was wondering for instance if looking into spam mails with all those call home images and signals could be part of the story, although one would expect for the images to get displayed the remote port would be 80, and not UDP 137. Of course scanners don't find nothing. Not even spyware/adware! Still puzzling about this one.