Re: SNMP attempts every 10 minutes

["Paul J. Brickett" <swarzkopf () legolas sinnerz us>]

My suggestion: Write a local IPSec policy on the machine that blocks all 
to/from SNMP traffic. This should stop the requests every 10 minutes.

On Mon, 14 Jan 2008, k7.fantr wrote:

> It is a Win2k workstation. Fully patched (less the latest 2).
>
>
>
> On Jan 14, 2008 1:49 PM, Paul J. Brickett <swarzkopf () legolas sinnerz us>
> wrote:
>
> > What OS is the machine?
> >
> > On Fri, 11 Jan 2008, k7.fantr () gmail com wrote:
> >
> > > There is a machine on our network that is trying and failing to
> > authenticate with the snmp trap on our core switch every 10 minutes. I can
> > not seem to isolate what is making the requests. Based on scans that I have
> > run, there is no know malware (nothing detected anyway). No services running
> > appear to stop the requests after being turned turned off, and after
> > installing a host based firewall and reviewing the logs, as well as running
> > wireshark and reviewing a 2 hour capture, I can not seem to pin point
> > anything making requests to that switch at all. It is the only machine on
> > the network of about 900 that is doing this.
> > > I want the machine removed so that I can investigate further, but I am
> > getting resistance from the IT Manager and support (no time.. not
> > necessary..). Has anybody seen this before? Am I wrong to want this removed?
> > > Thanks in advance.
>
>
>
> --
>
> steve.dake