Security Basics mailing list archives
Re: SNMP attempts every 10 minutes
From: "Paul J. Brickett" <swarzkopf () legolas sinnerz us>
Date: Mon, 14 Jan 2008 14:49:54 -0500 (EST)
What OS is the machine? On Fri, 11 Jan 2008, k7.fantr () gmail com wrote:
There is a machine on our network that is trying and failing to authenticate with the snmp trap on our core switch every 10 minutes. I can not seem to isolate what is making the requests. Based on scans that I have run, there is no know malware (nothing detected anyway). No services running appear to stop the requests after being turned turned off, and after installing a host based firewall and reviewing the logs, as well as running wireshark and reviewing a 2 hour capture, I can not seem to pin point anything making requests to that switch at all. It is the only machine on the network of about 900 that is doing this. I want the machine removed so that I can investigate further, but I am getting resistance from the IT Manager and support (no time.. not necessary..). Has anybody seen this before? Am I wrong to want this removed? Thanks in advance.
Current thread:
- SNMP attempts every 10 minutes k7 . fantr (Jan 14)
- Re: SNMP attempts every 10 minutes Paul J. Brickett (Jan 14)
- Message not available
- Re: SNMP attempts every 10 minutes Paul J. Brickett (Jan 14)
- Message not available
- Re: SNMP attempts every 10 minutes Paul J. Brickett (Jan 14)
- Re: SNMP attempts every 10 minutes Ivan . (Jan 15)
- Re: SNMP attempts every 10 minutes k7 fantr (Jan 15)
- Re: SNMP attempts every 10 minutes Ivan . (Jan 15)
- RE: SNMP attempts every 10 minutes Erik Soosalu (Jan 15)
- RE: SNMP attempts every 10 minutes Nhon Yeung (Jan 15)
- Re: SNMP attempts every 10 minutes k7 fantr (Jan 15)
- Re: SNMP attempts every 10 minutes Tremaine Lea (Jan 15)
- <Possible follow-ups>
- Fw: SNMP attempts every 10 minutes Kal Hartstein (Jan 15)
- Re: Fw: SNMP attempts every 10 minutes Micheal Espinola Jr (Jan 15)