Security Basics mailing list archives
Re: SNMP attempts every 10 minutes
From: Tremaine Lea <tremaine () gmail com>
Date: Tue, 15 Jan 2008 08:13:16 -0700
Is it trying and failing to authenticate with the same string every time, or does it appear to be a bruteforce? If it's a bruteforce, isolate the box completely. If it's the same failed auth repeatedly, I'd be less concerned. That's not to say it should be ignored, but it wouldn't be a high priority. I'd hassle them on a daily basis to get the issue resolved, as it's unnecessary noise that may distract from legitimate issues when you have to sort out and remove the SNMP queries all the time.
Cheers, --- Tremaine Lea Network Security Consultant Intrepid ACL "Paranoia for hire" On 11-Jan-08, at 1:33 PM, k7.fantr () gmail com wrote:
There is a machine on our network that is trying and failing to authenticate with the snmp trap on our core switch every 10 minutes. I can not seem to isolate what is making the requests. Based on scans that I have run, there is no know malware (nothing detected anyway). No services running appear to stop the requests after being turned turned off, and after installing a host based firewall and reviewing the logs, as well as running wireshark and reviewing a 2 hour capture, I can not seem to pin point anything making requests to that switch at all. It is the only machine on the network of about 900 that is doing this.I want the machine removed so that I can investigate further, but I am getting resistance from the IT Manager and support (no time.. not necessary..). Has anybody seen this before? Am I wrong to want this removed?Thanks in advance.
Current thread:
- SNMP attempts every 10 minutes k7 . fantr (Jan 14)
- Re: SNMP attempts every 10 minutes Paul J. Brickett (Jan 14)
- Message not available
- Re: SNMP attempts every 10 minutes Paul J. Brickett (Jan 14)
- Message not available
- Re: SNMP attempts every 10 minutes Paul J. Brickett (Jan 14)
- Re: SNMP attempts every 10 minutes Ivan . (Jan 15)
- Re: SNMP attempts every 10 minutes k7 fantr (Jan 15)
- Re: SNMP attempts every 10 minutes Ivan . (Jan 15)
- RE: SNMP attempts every 10 minutes Erik Soosalu (Jan 15)
- RE: SNMP attempts every 10 minutes Nhon Yeung (Jan 15)
- Re: SNMP attempts every 10 minutes k7 fantr (Jan 15)
- Re: SNMP attempts every 10 minutes Tremaine Lea (Jan 15)
- <Possible follow-ups>
- Fw: SNMP attempts every 10 minutes Kal Hartstein (Jan 15)
- Re: Fw: SNMP attempts every 10 minutes Micheal Espinola Jr (Jan 15)