Educause Security Discussion mailing list archives
Re: snmp queries from client machines
From: "H. Morrow Long" <morrow.long () YALE EDU>
Date: Tue, 17 Apr 2007 15:36:58 -0400
I've seen printer drivers and printer discovery software which uses SNMP to attempt to find printers on the local network (e.g. HP JetDirect printers, etc.). - H. Morrow Long, CISSP, CISM, CEH University Information Security Officer Director -- Information Security Office Yale University, ITS On Apr 17, 2007, at 3:24 PM, David Warner wrote:
I have a couple of student machines that seem to be doing a snmp get on the OID for system name(1.3.6.1.2.1.1.5.0) with a community of public. They seem to be specifically querying the routers on the resnet subnet. This generates an alarm on the routers but hasn't affected anything else as far as I know. This seems to occur about every 15 minutes. Are there any know exploits or spyware that might display a pattern like this? David Warner, CCNA Network Specialist Wesleyan University 265 Church St Fifth Floor, Exley Science Center Middletown, CT 06459 (860) 685-3967 Fax: (860) 685-2401 email: dwarner01 () wesleyan edu directions: http://www.wesleyan.edu/about/traveltowes.html
Current thread:
- snmp queries from client machines David Warner (Apr 17)
- <Possible follow-ups>
- Re: snmp queries from client machines Justin Azoff (Apr 17)
- Re: snmp queries from client machines H. Morrow Long (Apr 17)