Security Incidents mailing list archives
what's listening on udp 161?
From: Quarantine <Quarantine () GSCCCA ORG>
Date: Wed, 13 Feb 2002 15:31:55 -0500
Hi all. WinMap is reporting 161/udp open on several of my Win2K servers. The problem is that SNMP isn't installed on these machines, and I don't know of anything else that would be accepting traffic on that port. Here's the result of a netstat -a -n -p udp on one of the machines: Active Connections Proto Local Address UDP 0.0.0.0:135 UDP 0.0.0.0:445 UDP 0.0.0.0:1034 UDP 0.0.0.0:1251 UDP 0.0.0.0:1434 UDP 0.0.0.0:2344 UDP 0.0.0.0:3456 UDP 0.0.0.0:6050 UDP xxx.xxx.xxx.xxx:137 UDP xxx.xxx.xxx.xxx:138 UDP xxx.xxx.xxx.xxx:500 UDP xxx.xxx.xxx.xxx:41524 I've confirmed that on a machine with the SNMP service installed and started, the same netstat command shows UDP 0.0.0.0:161. Can anybody explain this to me? Thanks, Matt ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- what's listening on udp 161? Quarantine (Feb 13)
- Re: what's listening on udp 161? Conor McGrath (Feb 13)
- <Possible follow-ups>
- RE: what's listening on udp 161? Smith, Steve (Feb 13)
- RE: what's listening on udp 161? Adcock, Matt (Feb 13)