On 21 Oct 99, at 22:46, Chiaki Ishikawa wrote:
> Over the last few days, our DMZ hosts were scanned for UDP port
> 161 from multiple sites.. My guess is some kind of trojan or
> something.
>
> Does anyone know what this probe is?
It's SNMP. There are three basic scenarios:
1. Someone is hoping you've got SNMP configured in a way that will
allow them to take control of your network. This would not be good.
2. Someone is setting up SNMP on their network, and has told their
management host to "discover" what else is on the network.
Unfortunately, they've misconfigured it, and it thinks your subnet
block is part of its network community.
3. Some HP network printer drivers will send traffic like this out
to other sites on the Internet. No idea what they were thinking.
David G
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
