Educause Security Discussion mailing list archives

Re: snmp queries from client machines

From: "H. Morrow Long" <morrow.long () YALE EDU>
Date: Tue, 17 Apr 2007 15:36:58 -0400

I've seen printer drivers and printer discovery software
which uses SNMP to attempt to find printers on the local
network (e.g. HP JetDirect printers, etc.).

- H. Morrow Long, CISSP, CISM, CEH
  University Information Security Officer
  Director -- Information Security Office
  Yale University, ITS



On Apr 17, 2007, at 3:24 PM, David Warner wrote:

I have a couple of student machines that seem to be doing a snmp
get on the OID for system name(1.3.6.1.2.1.1.5.0) with a community
of public.  They seem to be specifically querying the routers on
the resnet subnet. This generates an alarm on the routers but
hasn't affected anything else as far as I know. This seems to occur
about every 15 minutes.  Are there any know exploits or spyware
that might display a pattern like this?
David Warner, CCNA
Network Specialist

Wesleyan University
265 Church St
Fifth Floor, Exley Science Center
Middletown, CT 06459
(860) 685-3967
Fax: (860) 685-2401
email: dwarner01 () wesleyan edu
directions: http://www.wesleyan.edu/about/traveltowes.html

Current thread:

snmp queries from client machines David Warner (Apr 17)
- <Possible follow-ups>
- Re: snmp queries from client machines Justin Azoff (Apr 17)
- Re: snmp queries from client machines H. Morrow Long (Apr 17)