Educause Security Discussion mailing list archives

Re: snmp queries from client machines

From: Justin Azoff <JAzoff () UAMAIL ALBANY EDU>
Date: Tue, 17 Apr 2007 15:33:33 -0400

David Warner wrote:

I have a couple of student machines that seem to be doing a snmp get on
the OID for system name(1.3.6.1.2.1.1.5.0) with a community of public.
They seem to be specifically querying the routers on the resnet subnet.
This generates an alarm on the routers but hasn't affected anything else
as far as I know. This seems to occur about every 15 minutes.  Are there
any know exploits or spyware that might display a pattern like this?

David Warner, CCNA
Network Specialist


Usually this is caused by (poorly written) software that came with a
printer or similar device.  They probably have no idea it is probing
your routers, but they should be able to figure out which program it is
and turn it off.

--
-- Justin Azoff
-- Network Performance Analyst

Current thread:

snmp queries from client machines David Warner (Apr 17)
- <Possible follow-ups>
- Re: snmp queries from client machines Justin Azoff (Apr 17)
- Re: snmp queries from client machines H. Morrow Long (Apr 17)