|
|
 |
|
|
Pages: 1
My router is pinging me crazy
(Click here to view the original thread with full colors/images)
Posted by: Zubbus
According to ZoneAlarm, my router is hitting my UDP port 162 4 to 8 times every 2 seconds. That is crazy and it didn't use to do that. The router does not seem to do the same thing to other comptuers on the network.
I don't even know where to begin looking for information on this problem. Please help.
Posted by: Ion Silverbolt
http://www.processlibrary.com/directory/files/snmptrap
This service is registered to port 162 UDP
"SNMP Trap Service is included in Windows NT 4/2000/XP and Windows Server 2003 operating systems. It is a common system component, used mostly by network and system administrators to monitor the activity of remote network devices via SNMP protocol."
Posted by: Zubbus
The plot thickens...
1) I consulted a knowledgeable friend elsewhere and he (i) also noticed it's an SNMP thingee (ii) said I don't need it
2) He said to disable SNMP on my router, but my router's configurations do not mention SNMP anywhere. And like you said it seems to be a windows process.
3) Your link to the SNMP reference is just like the Windows services reference I find on that site, but nothing SNMP shows up on my services.msc, so I'm not sure (i) if it's even really running (I believe you that you say it is) (ii) if it's running the way it should be (iii) how to stop it
4) I reassigned my machine's LAN address and for now, it has completely sidestepped this flood of hits 
Words like "remote" leads me to a new question - is this SNMP thing even coming from my computer?
Posted by: Ion Silverbolt
It could be somekind of hack attempt from a script or rootkit of somekind. Probably looking for a vulnerability in the service. You said you're using zone alarm. I think there's a program that runs with it called zonelog. You should be able to monitor where the traffic is coming from with that.
http://zonelog.co.uk/
Posted by: redwench
or just block that port on the router 
Posted by: Ion Silverbolt
That's no fun. He should trace down the source and call the FBI on them!
It's probably an overseas IP anyway if it's not local. Which it could be. There are other serices that use that port. Netview is one, linklogger is another. A version of that is distributed by Linksys so if you have any linksys tools installed, that may be the source.
Posted by: Zubbus
 Quote:
|
Originally Posted by redwench
or just block that port on the router |
Tried that. It doesn't help. Guess it's because it's coming from the router itself.
|
|
|
|
|
