
SNMP Failed Auth - Multiple Hosts

Hi,

I am receiving many reports from switches across my LAN reporting that different PCs are attempting SNMP queries.

They are not getting any information back, but I am curious as to what is causing this traffic.

I have run port scans against the hosts, which are Windows 2000 PCs. There are the usual ports open and no strange processes running on these machines.

Any help or a nudge in the right direction would be appreciated!! This problem is more irritating than anything at the moment, but I would like to nip it in the bud, just in case it turns out to be something sinister.

Thanks

Greg


Richard Burts
Hall of Fame

Greg

There are not many specifics in your message to work with. But one observation I have is that many Windows PCs will do an SNMP query to validate network attached printers.

Can you get some more information, especially what is the destination address of the SNMP packets? Once you know what they are trying to talk to, you will be in a better position to know whether this is something to worry about or not.

HTH

Rick

Well,

I haven't checked the PCs for attached printers, but we use local ports for connecting to printers. IP or Shared.

I have checked for random installations of JetAdmin on the machine as well.

It's a regular 5 - 6 switches that are being probed.

It seems so random though. I know that I need to gather more information, i.e., are the PCs in the same area, is this a common user, etc.

Hence the original post, just looking for ideas, so thanks for the printer's, I will check that as well.

d-garnett
Level 3

This may be a shot in the dark, but do you have network printers installed with maybe HP Jetadmin software on PCs? A lot of the time the software will try to "discover" SNMP-enabled devices (printers) on your network.

Also, you could set up a sniffer and look for the OID in the GET requests; the OID should lead you in the right direction. If you know that your users are not doing anything weird, then you could just set it up on a "suspect" PC and monitor the outgoing traffic (SNMP queries).