SNMP Server Question

Roger Wright

I've just received a message telling me that a computer at 10.2.x.x is trying to contact the SNMP Server here, and I can't imagine why. That's not even supposed to be a routable IP address, so it must be on the local net here in town. What in the world does the SNMP Server do that might interest a hacker? Is there any good reason to run it at all? I've blocked it with a firewall and nothing has broken yet. I realize that it's used for managing remote computers, but I haven't found a lot of info about just what it does and how it works. What kind of risk does it present? [EDIT] The plot thickens - the remote MAC address is the one on my ISP's gateway server, but the IP address associated with it is no longer correct. ARP reports the correct IP address for that MAC address, but the packets coming in are tagged with the 10.2.x.x IP. How entertaining!:-D [/EDIT] "Another day done - All targets met; all systems fully operational; all customers satisfied; all staff keen and well motivated; all pigs fed and ready to fly" - Jennie A.

Sebastian Benitez

SNMP is Simple Network Management Protocol. You use it to manage networks :) I haven't used it, but many routers use it to allow configuring them remotely. You should activate only services you use, if you don't use it, remove it. You could try shutting it down and whatching if the network still works. If someone complains, it's your problem ;) "semper aliquid haeret", Bacon. -- Sebastián.

rt01

The information about the commputer like sysadmin / location / performace data etc. might be interesting, depending on your config you can completly manage you computer with snmp eg. shutdown start stop services apply new firewall rules ..... For some information take a look into http://www.ietf.org/rfc/rfc1157.txt or http://www.openview.hp.com/ if does not need this service deinstall it, if you have products like HP OpenView or IBM Tivoli you will need this regards Patrick