
#1 2017-03-14 17:33:38

Bradley Hardy
Member
Registered: 2017-03-13
Posts: 7

My computer is trying to access SNMP interfaces on the local network

I live in university halls, and I am connected via ethernet to a local network.

Over the past week or so, I've been receiving emails from our IT department informing me that my computer is attempting to access the SNMP interface of various devices that are connected to the network. They're threatening to cut off my internet access if it doesn't stop.

This has also happened before, a few months ago. But it seemed to stop after I reformatted my hard drive and re-installed Arch Linux. This may have just been a coincidence.

I suspect that it might actually have to do with a game I've been playing called Factorio, because I believe I was playing it around the time there was last a problem, and I haven't played it since -- until recently.

My questions are:

- Could these random SNMP requests be malicious?
- How can I find out exactly which program is doing it?
- If it is something benign (like Factorio), how can I either stop it from happening, or convince IT that it's not a problem?

Thanks!

Offline

#2 2017-03-14 17:41:52

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 20,487

Re: My computer is trying to access SNMP interfaces on the local network

Block outgoing UDP packets on ports 161 and 162 using something like IPtables.  The IPtables will tell you the origin of the requests.
It could be malicious.
You won't convince IT that it is not a problem because it is a problem.  You are issuing packets that are intended to control and monitor infrastructure -- their infrastructure -- and you don't know why you are sending them.

Last edited by ewaller (2017-03-15 04:37:47)


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
The shortest way to ruin a country is to give power to demagogues.— Dionysius of Halicarnassus
---
How to Ask Questions the Smart Way

Offline

#3 2017-03-14 17:57:06

Bradley Hardy
Member
Registered: 2017-03-13
Posts: 7

Re: My computer is trying to access SNMP interfaces on the local network

Thanks for the response.

ewaller wrote:

Block outgoing UDP packets on ports 161 and 162 using something like IPtables.  The IPtables will tell you the origin of the requests.

Will this cause me any problems? As in, what might I need to make SNMP requests for in my daily computer use?

Offline

#4 2017-03-14 18:16:52

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 20,487

Re: My computer is trying to access SNMP interfaces on the local network

If you don't know what SNMP is, then you will never miss it.   OTOH, if you need it, you could not live without it.  They are used to administer network equipment from a central location -- keep track of machine temperatures, storage quotas, routing rules, etc...

As an EE, I have used (knowingly) SNMP twice in my life -- to provide notifications for the failure of part of redundant systems to a service person's pager.  Yeah, that long ago.

Last edited by ewaller (2017-03-14 18:18:46)



Offline

#5 2017-03-14 18:37:25

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,410
Website

Re: My computer is trying to access SNMP interfaces on the local network

I'd also wonder why the game is sending these (if it is the game).  Could/would these be used by a game to find other players on the same network or some other LAN-options for the game?  Perhaps this could be reported upstream to the game devs to at least get a configuration option to prevent this (again, assuming it is the game doing it).


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#6 2017-03-14 19:59:21

Bradley Hardy
Member
Registered: 2017-03-13
Posts: 7

Re: My computer is trying to access SNMP interfaces on the local network

ewaller wrote:

If you don't know what SNMP is, then you will never miss it.

OK, thanks, I've blocked those outgoing ports now. I'll update if I find out any more information about what's causing it.

Trilby wrote:

I'd also wonder why the game is sending these (if it is the game).  Could/would these be used by a game to find other players on the same network or some other LAN-options for the game?  Perhaps this could be reported upstream to the game devs to at least get a configuration option to prevent this (again, assuming it is the game doing it).

I'm not sure. I'm hesitant to report it to the game devs without proof that the game is doing it! A quick google search for "factorio snmp" didn't yield anything that seemed relevant, but I suppose most players wouldn't notice the problem without an IT department to get annoyed with them about it.

Offline

#7 2017-03-14 20:14:11

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 20,487

Re: My computer is trying to access SNMP interfaces on the local network

Bradley Hardy wrote:

A quick google search for "factorio snmp" didn't yield anything that seemed relevant, but I suppose most players wouldn't notice the problem without an IT department to get annoyed with them about it.

I dunno, that first result looks relevant ;)  (I'm joking, your first post in this thread is that first hit)



Offline

#8 2017-03-14 20:49:56

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,410
Website

Re: My computer is trying to access SNMP interfaces on the local network

I've never heard of this game before, but it does seem to allow for starting a "multiplayer game" at which point your system will act as a server that others on your local network can connect to, or to "join" someone else's multiplayer game on the local network, in which case you'd connect to their game server.

I also know nothing of SNMP, so I don't know if this could even be a likely mechanism that such a game would use to detect other instances of "itself" on the local network.  But it doesn't sound too far-fetched at the moment: you have a game that looks for other instances of the game on the local network, and there is a protocol in use that is related to detecting other devices on the local network.



Offline

#9 2017-03-14 22:39:00

Bradley Hardy
Member
Registered: 2017-03-13
Posts: 7

Re: My computer is trying to access SNMP interfaces on the local network

Well, for the record, I haven't played multiplayer or even pressed the multiplayer button as far as I know. It's launched through Steam, which definitely looks for friends online and so on. But "steam snmp" yields nothing relevant either, and I feel that Steam is so popular that someone else would have noticed a problem if it was doing something strange with SNMP...

Offline

#10 2017-03-14 22:54:33

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,410
Website

Re: My computer is trying to access SNMP interfaces on the local network

Could be.  I don't really know if it's strange though.  You said this is a university - and university networks tend to be the most fragile and oddly configured networks on the planet (at least US universities).  My university blocks all git traffic.  My previous university blocked all ssh traffic.  And I've heard of university IT departments going into fits for any number of common and perfectly safe/normal networking services running.



Offline

#11 2017-03-15 00:07:01

Bradley Hardy
Member
Registered: 2017-03-13
Posts: 7

Re: My computer is trying to access SNMP interfaces on the local network

Well, I've never had any problems with it blocking anything. Git works fine, I can SSH between different devices on the network, and I've never encountered any websites being blocked at all.

And judging by what ewaller is saying, these SNMP requests do indeed seem to be strange!

Offline

#12 2017-03-15 01:46:34

skunktrader
Member
From: Brisbane, Australia
Registered: 2010-02-14
Posts: 1,643

Re: My computer is trying to access SNMP interfaces on the local network

Do you have a cups server installed? By default cups uses snmp broadcast messages to identify remote printers that are public

Offline

#13 2017-03-15 17:50:21

Bradley Hardy
Member
Registered: 2017-03-13
Posts: 7

Re: My computer is trying to access SNMP interfaces on the local network

skunktrader wrote:

Do you have a cups server installed? By default cups uses snmp broadcast messages to identify remote printers that are public

I don't think so.

pacman -Ss cups

tells me that I have extra/cups-pk-helper, extra/libcups and multilib/lib32-libcups installed. I don't have the extra/cups package itself installed.

Offline

#14 2017-03-15 19:14:40

loqs
Member
Registered: 2014-03-06
Posts: 18,633

Re: My computer is trying to access SNMP interfaces on the local network

Did the iptables/nftables rules reveal which process is attempting to send the SNMP traffic?

Offline

#15 2017-03-15 23:56:32

Bradley Hardy
Member
Registered: 2017-03-13
Posts: 7

Re: My computer is trying to access SNMP interfaces on the local network

I'm not sure how to find out which process is doing it. The output of

journalctl -k | grep "IN=.*OUT=.*"

is

Mar 15 23:47:19 brad-arch kernel: PORT 161 DROP: IN= OUT=lo SRC=<OMITTED> DST=<OMITTED> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19458 DF PROTO=TCP SPT=40868 DPT=6000 WINDOW=43690 RES=0x00 SYN URGP=0 
Mar 15 23:47:19 brad-arch kernel: PORT 162 DROP: IN= OUT=lo SRC=<OMITTED> DST=<OMITTED> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19458 DF PROTO=TCP SPT=40868 DPT=6000 WINDOW=43690 RES=0x00 SYN URGP=0 
Mar 15 23:47:19 brad-arch kernel: PORT 161 DROP: IN= OUT=lo SRC=<OMITTED> DST=<OMITTED> LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=26993 DF PROTO=TCP SPT=6000 DPT=40868 WINDOW=0 RES=0x00 ACK RST URGP=0 
Mar 15 23:47:19 brad-arch kernel: PORT 162 DROP: IN= OUT=lo SRC=<OMITTED> DST=<OMITTED> LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=26993 DF PROTO=TCP SPT=6000 DPT=40868 WINDOW=0 RES=0x00 ACK RST URGP=0 
Mar 15 23:47:26 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=24267 DF PROTO=UDP SPT=42753 DPT=53 LEN=43 
Mar 15 23:47:26 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=24267 DF PROTO=UDP SPT=42753 DPT=53 LEN=43 
Mar 15 23:47:26 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=24268 DF PROTO=UDP SPT=42753 DPT=53 LEN=43 
Mar 15 23:47:26 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=24268 DF PROTO=UDP SPT=42753 DPT=53 LEN=43 
Mar 15 23:47:26 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3358 DF PROTO=TCP SPT=56888 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 15 23:47:26 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3358 DF PROTO=TCP SPT=56888 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 15 23:47:45 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=28960 RES=0x00 ACK SYN URGP=0 
Mar 15 23:47:45 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=28960 RES=0x00 ACK SYN URGP=0 
Mar 15 23:47:45 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=32018 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=227 RES=0x00 ACK URGP=0 
Mar 15 23:47:45 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=32018 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=227 RES=0x00 ACK URGP=0 
Mar 15 23:48:42 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=48532 DF PROTO=TCP SPT=23 DPT=59969 WINDOW=0 RES=0x00 ACK RST URGP=0 
Mar 15 23:48:42 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=48532 DF PROTO=TCP SPT=23 DPT=59969 WINDOW=0 RES=0x00 ACK RST URGP=0 
Mar 15 23:49:11 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=28960 RES=0x00 ACK SYN URGP=0 
Mar 15 23:49:11 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=28960 RES=0x00 ACK SYN URGP=0 
Mar 15 23:49:11 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=53772 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=227 RES=0x00 ACK URGP=0 
Mar 15 23:49:11 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=53772 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=227 RES=0x00 ACK URGP=0 
Mar 15 23:49:11 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=53773 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=227 RES=0x00 ACK PSH URGP=0 
Mar 15 23:49:11 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=53773 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=227 RES=0x00 ACK PSH URGP=0 
Mar 15 23:49:11 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=1132 TOS=0x00 PREC=0x00 TTL=64 ID=53774 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=227 RES=0x00 ACK PSH URGP=0 
Mar 15 23:49:11 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=1132 TOS=0x00 PREC=0x00 TTL=64 ID=53774 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=227 RES=0x00 ACK PSH URGP=0 
Mar 15 23:49:11 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=53775 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=238 RES=0x00 ACK URGP=0 
Mar 15 23:49:11 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=53775 DF PROTO=TCP SPT=22 DPT=9224 WINDOW=238 RES=0x00 ACK URGP=0 
Mar 15 23:49:23 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=33550 DF PROTO=TCP SPT=7547 DPT=18274 WINDOW=0 RES=0x00 ACK RST URGP=0 
Mar 15 23:49:23 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=33550 DF PROTO=TCP SPT=7547 DPT=18274 WINDOW=0 RES=0x00 ACK RST URGP=0 
Mar 15 23:49:35 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=27655 DF PROTO=TCP SPT=46260 DPT=443 WINDOW=276 RES=0x00 ACK URGP=0 
Mar 15 23:49:35 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=27655 DF PROTO=TCP SPT=46260 DPT=443 WINDOW=276 RES=0x00 ACK URGP=0 
Mar 15 23:49:49 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=59307 DF PROTO=TCP SPT=34896 DPT=80 WINDOW=278 RES=0x00 ACK URGP=0 
Mar 15 23:49:49 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=59307 DF PROTO=TCP SPT=34896 DPT=80 WINDOW=278 RES=0x00 ACK URGP=0 
Mar 15 23:49:59 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=24397 DF PROTO=TCP SPT=56228 DPT=443 WINDOW=309 RES=0x00 ACK URGP=0 
Mar 15 23:49:59 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=24397 DF PROTO=TCP SPT=56228 DPT=443 WINDOW=309 RES=0x00 ACK URGP=0 
Mar 15 23:50:12 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=58013 DF PROTO=TCP SPT=34908 DPT=80 WINDOW=253 RES=0x00 ACK FIN URGP=0 
Mar 15 23:50:12 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=58013 DF PROTO=TCP SPT=34908 DPT=80 WINDOW=253 RES=0x00 ACK FIN URGP=0 
Mar 15 23:50:23 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=720 DF PROTO=TCP SPT=51550 DPT=80 WINDOW=237 RES=0x00 ACK URGP=0 
Mar 15 23:50:23 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=720 DF PROTO=TCP SPT=51550 DPT=80 WINDOW=237 RES=0x00 ACK URGP=0 
Mar 15 23:50:35 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=9946 DF PROTO=TCP SPT=33966 DPT=443 WINDOW=300 RES=0x00 ACK URGP=0 
Mar 15 23:50:35 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=9946 DF PROTO=TCP SPT=33966 DPT=443 WINDOW=300 RES=0x00 ACK URGP=0 
Mar 15 23:50:49 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=42429 DF PROTO=TCP SPT=54100 DPT=443 WINDOW=688 RES=0x00 ACK URGP=0 
Mar 15 23:50:49 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=42429 DF PROTO=TCP SPT=54100 DPT=443 WINDOW=688 RES=0x00 ACK URGP=0 
Mar 15 23:51:00 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=42430 DF PROTO=TCP SPT=54100 DPT=443 WINDOW=688 RES=0x00 ACK URGP=0 
Mar 15 23:51:00 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=42430 DF PROTO=TCP SPT=54100 DPT=443 WINDOW=688 RES=0x00 ACK URGP=0 
Mar 15 23:51:13 brad-arch kernel: PORT 161 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=98 TOS=0x00 PREC=0x00 TTL=64 ID=40145 DF PROTO=TCP SPT=53992 DPT=443 WINDOW=342 RES=0x00 ACK PSH URGP=0 
Mar 15 23:51:13 brad-arch kernel: PORT 162 DROP: IN= OUT=eno1 SRC=<OMITTED> DST=<OMITTED> LEN=98 TOS=0x00 PREC=0x00 TTL=64 ID=40145 DF PROTO=TCP SPT=53992 DPT=443 WINDOW=342 RES=0x00 ACK PSH URGP=0 

EDIT: I haven't set this up right, have I? This is logging every connection, not the ones on the ports I care about...

Last edited by Bradley Hardy (2017-03-16 00:04:46)

Offline
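
Added example (not part of the original thread): the log in post #15 carries the prefix "PORT 161 DROP" on packets to DPT=53, 80 and 443, which is consistent with a LOG rule that has no protocol or port match. The script below shows narrower rules as comments and separates real SNMP packets from mislabelled ones, tallying senders by the UID that `--log-uid` appends; the `SNMP OUT: ` prefix, the addresses and all sample lines are constructed.

```bash
#!/usr/bin/env bash
# Added example. Rules that log and drop only outgoing SNMP (run as root);
# --log-uid appends the UID/GID of the local socket owner to each log line:
#   iptables -A OUTPUT -p udp -m multiport --dports 161,162 \
#            -j LOG --log-prefix "SNMP OUT: " --log-uid
#   iptables -A OUTPUT -p udp -m multiport --dports 161,162 -j DROP

# Constructed sample: three lines in the shape of the thread's log (the prefix
# says port 161/162 but the packet is DNS/HTTP/HTTPS), three from the rules above.
SAMPLE_LOG='Mar 15 23:47:26 host kernel: PORT 161 DROP: IN= OUT=eno1 SRC=192.0.2.10 DST=192.0.2.53 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=24267 DF PROTO=UDP SPT=42753 DPT=53 LEN=43
Mar 15 23:47:26 host kernel: PORT 162 DROP: IN= OUT=eno1 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3358 DF PROTO=TCP SPT=56888 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 15 23:49:35 host kernel: PORT 161 DROP: IN= OUT=eno1 SRC=192.0.2.10 DST=198.51.100.9 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=27655 DF PROTO=TCP SPT=46260 DPT=443 WINDOW=276 RES=0x00 ACK URGP=0
Mar 16 10:00:01 host kernel: SNMP OUT: IN= OUT=eno1 SRC=192.0.2.10 DST=192.0.2.77 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=1001 DF PROTO=UDP SPT=48211 DPT=161 LEN=51 UID=1000 GID=1000
Mar 16 10:00:02 host kernel: SNMP OUT: IN= OUT=eno1 SRC=192.0.2.10 DST=192.0.2.78 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=1002 DF PROTO=UDP SPT=48211 DPT=161 LEN=51 UID=1000 GID=1000
Mar 16 10:05:00 host kernel: SNMP OUT: IN= OUT=eno1 SRC=192.0.2.10 DST=192.0.2.1 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=1003 DF PROTO=UDP SPT=50100 DPT=162 LEN=60 UID=0 GID=0'

# classify: for each log line on stdin print "VERDICT PROTO DPT UID".
# VERDICT is SNMP only when the packet itself is UDP to port 161 or 162,
# whatever the log prefix claims.
classify() {
  awk '{
    proto = "-"; dpt = "-"; uid = "-"
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^PROTO=/)    proto = substr($i, 7)
      else if ($i ~ /^DPT=/) dpt = substr($i, 5)
      else if ($i ~ /^UID=/) uid = substr($i, 5)
    }
    verdict = (proto == "UDP" && (dpt == "161" || dpt == "162")) ? "SNMP" : "OTHER"
    print verdict, proto, dpt, uid
  }'
}

# count_verdict SNMP|OTHER: number of log lines with that verdict.
count_verdict() {
  classify | awk -v v="$1" '$1 == v { n++ } END { print n + 0 }'
}

# snmp_uids: "UID count" for real SNMP packets, one UID per line.
snmp_uids() {
  classify | awk '$1 == "SNMP" { c[$4]++ } END { for (u in c) print u, c[u] }' | sort -n
}

printf 'mislabelled lines: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_verdict OTHER)"
printf '%s\n' "$SAMPLE_LOG" | snmp_uids
```

On a live system, pipe `journalctl -k` into `snmp_uids`; the UID names the owning user (`getent passwd UID`), not the process, so it narrows the search rather than ending it.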

#16 2017-03-16 18:32:21

loqs
Member
Registered: 2014-03-06
Posts: 18,633

Re: My computer is trying to access SNMP interfaces on the local network

Will leave someone with more experience in iptables/nftables to help with the firewall rules.
I suspect you will have to combine it with something such as

# lsof -i :161,162,10161,10162

or

# ss -p '( dport = :161 or dport = :162 or dport = :10161 or dport = :10162 )'

Wrapped in a script to loop and output to file or possibly a systemd timer with the output sent to the journal

Offline
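
Added example (not part of the original thread): one way to wrap the `ss` idea from post #16 in a polling loop that records which process owns a socket whose peer port is one of the four ports listed there. The function names, addresses and the sample `ss` output are constructed; a UDP socket that sends with sendto() and never connects shows `*` as its peer and is skipped, so an empty result does not clear a process.

```bash
#!/usr/bin/env bash
# Added example. Ports: 161/162 are SNMP and SNMP traps, 10161/10162 the
# SNMP-over-TLS/DTLS equivalents, as listed in post #16.

# Constructed sample of `ss -Hnaup` output (no header, numeric, all UDP
# sockets, with process info). The last line has no process column, which is
# what a non-root user sees for sockets owned by someone else.
SAMPLE_SS='UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhcpcd",pid=412,fd=10))
ESTAB 0 0 192.0.2.10:48211 192.0.2.77:161 users:(("example-app",pid=2314,fd=42))
ESTAB 0 0 192.0.2.10:51000 192.0.2.1:53 users:(("Web Content",pid=900,fd=7))
UNCONN 0 0 0.0.0.0:39000 0.0.0.0:* users:(("example-app",pid=2314,fd=43))
ESTAB 0 0 [2001:db8::10]:40000 [2001:db8::77]:162'

# snmp_peers: read ss output on stdin, print "PEER PROCESS" for every socket
# whose peer port is an SNMP port. PROCESS is "-" when ss could not show it.
snmp_peers() {
  awk '{
    u = 0
    for (i = 1; i <= NF; i++) if ($i ~ /^users:/) { u = i; break }
    peer = (u > 0) ? $(u - 1) : $NF     # peer address is the column before users:
    proc = "-"
    if (u > 0) {                        # process names may contain spaces
      proc = $u
      for (i = u + 1; i <= NF; i++) proc = proc " " $i
    }
    port = peer
    sub(/.*:/, "", port)                # keep what follows the last colon (IPv6-safe)
    if (port == "161" || port == "162" || port == "10161" || port == "10162")
      print peer, proc
  }'
}

# watch_snmp [interval]: poll the live socket table and timestamp each hit.
# Run as root so that -p can resolve processes owned by other users.
watch_snmp() {
  while :; do
    ss -Hnaup | snmp_peers | while read -r line; do
      printf '%s %s\n' "$(date '+%F %T')" "$line"
    done
    sleep "${1:-1}"
  done
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | snmp_peers
```

To keep a record, run `watch_snmp 1 >> snmp-peers.log` in a root shell while reproducing the activity; sockets that live for less than the polling interval can still be missed.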

#17 2017-03-22 22:14:44

QuackDonkey
Member
Registered: 2017-01-27
Posts: 24

Re: My computer is trying to access SNMP interfaces on the local network

Best way to figure it out would be to launch wireshark and sniff for a while looking for what's inside those packets.

My bet is that it could be the SANE daemon triggered by dbus. If you have it installed, check in /etc/sane.d/ for dll.conf, dll.conf.d and net.conf and delete or comment out everything you don't use.

Offline
