Internet Security Systems

SNMP discovery broadcast

advICE : Intrusions : 2002004

Summary

An intruder is sending an SNMP GET command to a broadcast address. This may be an attempt to determine which systems support various SNMP features.

Details

SNMP (Simple Network Management Protocol) is used to monitor and control network equipment on the Internet. It often gives complete information on the device being managed, and can sometimes give complete control over the device. At the same time, SNMP is a fairly insecure protocol, with easy-to-guess passwords. As a result, it is popular with hackers both for discovering equipment on the Internet and for exploiting it.

This event is usually seen by cable-modem and DSL users. Other users in the same "broadcast domain" run programs that send out SNMP broadcasts in order to scan their neighbors. Usually this is not hostile activity: users are often just concerned with managing their internal networks, but such discovery/scanning processes are "leaking" out onto the local network neighborhood.

In some cases, hostile intruders are indeed scanning their neighbors looking for machines they can compromise.
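The check described above can be sketched as follows. This is an added example, not Internet Security Systems' signature code: the function names, the alert fields, the 192.0.2.0/24 network used in testing, and the sample packet are all constructed for illustration. It parses just enough of an SNMPv1/v2c message to recover the command and flags a GET sent to a broadcast address on UDP port 161.

```python
import ipaddress

PDU_NAMES = {0xA0: "GET", 0xA1: "GETNEXT", 0xA3: "SET"}  # SNMPv1/v2c PDU tags
# Constructed sample: SNMPv1 GetRequest for sysDescr.0, community "public"
SAMPLE_GET = bytes.fromhex("302602010004067075626c6963a019020101020100020100300e300c06082b060102010101000500")

def _tlv(buf, pos):
    """Read one BER tag-length-value; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def snmp_command(payload):
    """Return (command, community) for an SNMPv1/v2c message, else None."""
    try:
        tag, msg, _ = _tlv(payload, 0)           # outer SEQUENCE
        if tag != 0x30:
            return None
        tag, _version, pos = _tlv(msg, 0)        # INTEGER version
        if tag != 0x02:
            return None
        tag, community, pos = _tlv(msg, pos)     # OCTET STRING community
        if tag != 0x04:
            return None
        pdu_tag = msg[pos]                       # context tag selects the command
    except (IndexError, ValueError):
        return None
    return PDU_NAMES.get(pdu_tag, hex(pdu_tag)), community.decode("latin-1")

def is_broadcast(dst, local_net):
    """True for the subnet's directed broadcast or the limited broadcast address."""
    addr = ipaddress.ip_address(dst)
    return str(addr) in (str(ipaddress.ip_network(local_net).broadcast_address), "255.255.255.255")

def check_packet(dst, dport, payload, local_net):
    """Return an alert dict for an SNMP GET to a broadcast address on UDP/161."""
    if dport != 161 or not is_broadcast(dst, local_net):
        return None
    cmd = snmp_command(payload)
    if not cmd or cmd[0] != "GET":
        return None
    return {"event": "SNMP discovery broadcast", "command": cmd[0], "community": cmd[1]}
```

The same GET sent to a unicast address, or a truncated payload, produces no alert, so the check fires only on the broadcast discovery pattern this event describes.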

False Positives

As noted above, this "attack" is frequently seen by users inadvertently running discovery programs. In a corporate environment, this is often triggered by SNMP management consoles.

More information

advICE: SNMP
This is the section for more information on SNMP.

Parametric information

command: SNMP command sent by attacker

 
Version appeared: 1.8.5.4 
