Date: Mon, 27 Jan 2003 11:04:05 -0500 From: Chuck Swiger <cswiger@mac.com> To: freebsd-questions@FreeBSD.ORG Subject: Re: snmp probe? Message-ID: <3E355875.5000106@mac.com> In-Reply-To: <DAV67gCVmRDgcFObuIh00017bf0@hotmail.com> References: <DAV67gCVmRDgcFObuIh00017bf0@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Kenzo wrote: [ ... ] > portsentry[236]: attackalert: Connect from host: 10.x.x.x/10.x.x.x to UDP > port: 161 > > That's the snmp port. the address that it's comming from is just a > workstation. Now why would a regular workstation probe me on the snmp port? A human programmed it to do so, most likely. > What could it be? If you tell us what OS and software the workstation is running, we could probably make more useful suggestions. > Is it a program on the computer trying to look for a device on the network > like a jetdirect? That's very probable. > Or virus, trojan trying to spread?" Much less likely, but still possible, I guess. > I guess I just want to know why it's doing this, and how to prevent it. Disconnect the workstation from the network? Configure the workstation to perform packet filtering of 168/169? Determine which software is causing the and change it? -Chuck To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E355875.5000106>