From: "Kenzo"
Delivered-To: freebsd-questions@freebsd.org
Subject: snmp probe?
Date: Mon, 27 Jan 2003 09:44:53 -0600

I posted this on the FreeBSD forum but didn't get any responses, just a lot of people viewing it. Maybe I'm missing something, or this is such a stupid question that no one wants to reply. So I'll try it in here.

"I just installed portsentry to play with, and after 10 min of setting it on the network I get a probe. Looking at the message log, this is what I see:

portsentry[236]: attackalert: Connect from host: 10.x.x.x/10.x.x.x to UDP port: 161

That's the SNMP port. The address that it's coming from is just a workstation. Now why would a regular workstation probe me on the SNMP port? What could it be? Is it a program on the computer trying to look for a device on the network, like a JetDirect? Or a virus or trojan trying to spread?"

I guess I just want to know why it's doing this, and how to prevent it. It may not be a virus or trojan, but it uses bandwidth to broadcast and I just don't like that.

Thanks.