Security Incidents mailing list archives

what's listening on udp 161?

From: Quarantine <Quarantine () GSCCCA ORG>
Date: Wed, 13 Feb 2002 15:31:55 -0500

Hi all.  WinMap is reporting 161/udp open on several of my Win2K servers.
The problem is that SNMP isn't installed on these machines, and I don't know
of anything else that would be accepting traffic on that port.  Here's the
result of a netstat -a -n -p udp on one of the machines:

Active Connections

  Proto  Local Address
  UDP    0.0.0.0:135
  UDP    0.0.0.0:445
  UDP    0.0.0.0:1034
  UDP    0.0.0.0:1251
  UDP    0.0.0.0:1434
  UDP    0.0.0.0:2344
  UDP    0.0.0.0:3456
  UDP    0.0.0.0:6050
  UDP    xxx.xxx.xxx.xxx:137
  UDP    xxx.xxx.xxx.xxx:138
  UDP    xxx.xxx.xxx.xxx:500
  UDP    xxx.xxx.xxx.xxx:41524

I've confirmed that on a machine with the SNMP service installed and
started, the same netstat command shows UDP 0.0.0.0:161.  Can anybody
explain this to me?

Thanks,
Matt

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

what's listening on udp 161? Quarantine (Feb 13)
- Re: what's listening on udp 161? Conor McGrath (Feb 13)
- <Possible follow-ups>
- RE: what's listening on udp 161? Smith, Steve (Feb 13)
- RE: what's listening on udp 161? Adcock, Matt (Feb 13)