Date: Mon, 27 Jan 2003 10:15:14 -0600 From: "Kenzo" <kenzo_chin@hotmail.com> To: <freebsd-questions@FreeBSD.ORG> Subject: Re: snmp probe? Message-ID: <DAV13W3WU1kdVzGi7h40000957f@hotmail.com> References: <DAV67gCVmRDgcFObuIh00017bf0@hotmail.com> <3E35567D.9000704@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The OS is most likely win95 or win98. I'll have to go there a check. We do have some win2k comps, but I'm pretty sure that those workstations are not. Thanks, at least it gives me something. just a simple reply like that was what I was looking for. Thanks. ----- Original Message ----- From: "Bill Moran" <wmoran@potentialtech.com> To: "Kenzo" <kenzo_chin@hotmail.com> Cc: <freebsd-questions@FreeBSD.ORG> Sent: Monday, January 27, 2003 9:55 AM Subject: Re: snmp probe? > Kenzo wrote: > > I posted this on freebsd forum but didn't get any responces, just alot > > people viewing it. Maybe I'm missing something or this is such a stupid > > question that no one want to reply. so I'll try it in here. > > > > "I just installed portsentry to play with, and after 10 min of setting it on > > the network I get probe. > > looking at the message log this is what I see. > > > > portsentry[236]: attackalert: Connect from host: 10.x.x.x/10.x.x.x to UDP > > port: 161 > > > > That's the snmp port. the address that it's comming from is just a > > workstation. Now why would a regular workstation probe me on the snmp port? > > > > What could it be? > > Is it a program on the computer trying to look for a device on the network > > like a jetdirect? > > Or virus, trojan trying to spread?" > > Yes. > I'm surprised nobody has answered yet. But the problem with the question, is > it can't be answered. There are a lot of possibilities. You're just going to > have to visit that workstation and find out what's going on with it. > > > I guess I just want to know why it's doing this, and how to prevent it. It > > may not be a virus or trojan, but it uses bandwidt to broadcast and I just > > dont like that. > > True. The first thing to do is visit the workstation and see what's running. > Make sure it isn't some backdoor or trojan. You don't state what the workstation > is (OS-wise). If you did, you might find somone on the list who would reply > "Oh yea, OS xyz is known for trying to connect to port 161 on every machine on > the network, it's perfectly harmless." or something similar. > > -- > Bill Moran > Potential Technologies > http://www.potentialtech.com > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DAV13W3WU1kdVzGi7h40000957f>