Educause Security Discussion mailing list archives

snmp queries from client machines

From: David Warner <dwarner01 () WESLEYAN EDU>
Date: Tue, 17 Apr 2007 15:24:10 -0400

I have a couple of student machines that seem to be doing a snmp get
on the OID for system name(1.3.6.1.2.1.1.5.0) with a community of
public.  They seem to be specifically querying the routers on the
resnet subnet. This generates an alarm on the routers but hasn't
affected anything else as far as I know. This seems to occur about
every 15 minutes.  Are there any know exploits or spyware that might
display a pattern like this?

David Warner, CCNA
Network Specialist

Wesleyan University
265 Church St
Fifth Floor, Exley Science Center
Middletown, CT 06459
(860) 685-3967
Fax: (860) 685-2401
email: dwarner01 () wesleyan edu
directions: http://www.wesleyan.edu/about/traveltowes.html

Current thread:

snmp queries from client machines David Warner (Apr 17)
- <Possible follow-ups>
- Re: snmp queries from client machines Justin Azoff (Apr 17)
- Re: snmp queries from client machines H. Morrow Long (Apr 17)