Kenzo wrote:
I posted this on freebsd forum but didn't get any responces, just alot
people viewing it. Maybe I'm missing something or this is such a stupid
question that no one want to reply. so I'll try it in here.
"I just installed portsentry to play with, and after 10 min of setting it on
the network I get probe.
looking at the message log this is what I see.
portsentry[236]: attackalert: Connect from host: 10.x.x.x/10.x.x.x to UDP
port: 161
That's the snmp port. the address that it's comming from is just a
workstation. Now why would a regular workstation probe me on the snmp port?
What could it be?
Is it a program on the computer trying to look for a device on the network
like a jetdirect?
Or virus, trojan trying to spread?"
Yes.
I'm surprised nobody has answered yet. But the problem with the question, is
it can't be answered. There are a lot of possibilities. You're just going to
have to visit that workstation and find out what's going on with it.
I guess I just want to know why it's doing this, and how to prevent it. It
may not be a virus or trojan, but it uses bandwidt to broadcast and I just
dont like that.
True. The first thing to do is visit the workstation and see what's running.
Make sure it isn't some backdoor or trojan. You don't state what the workstation
is (OS-wise). If you did, you might find somone on the list who would reply
"Oh yea, OS xyz is known for trying to connect to port 161 on every machine on
the network, it's perfectly harmless." or something similar.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
