Hi,

scans to 161 are common to find vulnerable machines (routers, bridges, switches, etc.) configured via SNMP (Simple Network Management Protocol). With this protocol, designed for network administration, such machines can be remotely configured and queried for functionality and/or errors. Attackers can collect a lot of information about a network if they manage to trick the SNMP subsystem of a router or switch.

Routers and other pieces of hardware are the heart and soul of a distributed network. By gaining control over such nodes, an attacker could deactivate packet screening, change the routing tables and do whatever he likes. You may want to consult RFC 1155 and RFC 1157 for more in-depth information about administrative management and SNMP itself.

SNMP versions 1 and 2 are available for Linux although not installed by default, so an attacker cannot leak information out of your Linux system if you didn't install SNMP.

Boris

---

On 14-Sep-00 Togan Muftuoglu wrote:
Hi everyone,
I am getting scans to port 161/tcp from the scanner's port 1234. I checked the etc/services file: port 1234 is search agent for Infoseek and 161 is snmp.
First of all, what is snmp? Is there anything they can do from that port? And finally, what can I do to improve my PC? Currently I have Suse firewall running and portsentry is up with audp and atcp flags.
Thanks in advance
Togan Muftuoglu toganm@turk.net
100% MS FREE Absolutely no component of Microsoft was used in the generation or posting of this e-mail. So it is virus free [...]