Security Basics mailing list archives

Re: SNMP attempts every 10 minutes


From: "Ivan ." <ivanhec () gmail com>
Date: Tue, 15 Jan 2008 10:43:00 +1100

Is it a SNMP-trap or SNMP-get request? There is a difference and your
email isn't clear.

SNMP-trap is sent by a device to a SNMP server

SNMP-get is a read request from a SNMP poller to a device

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm

I assume you mean a device is polling (SNMP-get) your core switch, and
it does not have the correct auth string. You should be able to
isolate the IP of the poller and then track down the box. It could be
a linux box running some "snmp-walk" requests.

cheers
Ivan

On 11 Jan 2008 20:33:27 -0000, <k7.fantr () gmail com> wrote:
There is a machine on our network that is trying and failing to authenticate with the snmp trap on our core switch 
every 10 minutes. I cannot seem to isolate what is making the requests. Based on scans that I have run, there is no 
known malware (nothing detected anyway). No services running appear to stop the requests after being turned 
off, and after installing a host based firewall and reviewing the logs, as well as running wireshark and reviewing a 
2 hour capture, I cannot seem to pinpoint anything making requests to that switch at all. It is the only machine on 
the network of about 900 that is doing this.


I want the machine removed so that I can investigate further, but I am getting resistance from the IT Manager and 
support (no time.. not necessary..). Has anybody seen this before? Am I wrong to want this removed?


Thanks in advance.
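To separate GET-style polling from traps and isolate the poller, as the reply above suggests, here is an added example that is not code from either message in this thread: a minimal SNMPv1/v2c header decoder run over a constructed capture of (source IP, UDP payload) pairs. The IP addresses, community strings and packets are all constructed assumptions, not values from the thread.

```python
from collections import Counter
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap-v1", 0xA5: "GetBulkRequest",
             0xA7: "SNMPv2-Trap"}
GET_PDUS = {"GetRequest", "GetNextRequest", "GetBulkRequest"}

def _tlv(buf, pos):
    """(tag, value_start, value_end) of the BER TLV at pos; short or long length."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def parse_snmp(payload):
    """Decode the outer SNMPv1/v2c message into version, community and PDU name."""
    tag, pos, _ = _tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message: outer SEQUENCE missing")
    _, vs, ve = _tlv(payload, pos)           # INTEGER version (0 = v1, 1 = v2c)
    _, cs, ce = _tlv(payload, ve)            # OCTET STRING community
    pdu_tag, _, _ = _tlv(payload, ce)        # context-specific PDU tag
    return {"version": int.from_bytes(payload[vs:ve], "big"),
            "community": payload[cs:ce].decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}

def suspicious_pollers(packets, expected_community):
    """Count GET-type PDUs per source IP whose community is not the switch's;
    traps and responses are skipped because they are not polling."""
    hits = Counter()
    for src, payload in packets:
        msg = parse_snmp(payload)
        if msg["pdu"] in GET_PDUS and msg["community"] != expected_community:
            hits[src] += 1
    return hits

def _enc(tag, body):                         # short-form BER TLV (body < 128 bytes)
    return bytes([tag, len(body)]) + body
def build_msg(community, pdu_tag=0xA0, version=0):
    """Constructed sample message with one sysDescr.0 varbind and the given PDU tag."""
    oid = _enc(0x06, bytes([0x2B, 6, 1, 2, 1, 1, 1, 0]))   # 1.3.6.1.2.1.1.1.0
    varbinds = _enc(0x30, _enc(0x30, oid + _enc(0x05, b"")))
    pdu = _enc(pdu_tag, _enc(0x02, b"\x01") + _enc(0x02, b"\x00") * 2 + varbinds)
    return _enc(0x30, _enc(0x02, bytes([version])) + _enc(0x04, community.encode()) + pdu)

# Constructed capture (assumed addresses): 10.0.0.7 is the mystery poller, 10.0.0.9 a legitimate poller, 10.0.0.1 the switch sending a trap.
SAMPLE = [("10.0.0.7", build_msg("public")),
          ("10.0.0.7", build_msg("public", 0xA1)),        # snmpwalk-style GETNEXT
          ("10.0.0.9", build_msg("s3cret")),
          ("10.0.0.1", build_msg("public", 0xA7, version=1))]
```

Feeding it real traffic means extracting the UDP payload of each packet to port 161 from a capture; the trap from the switch is correctly left out of the tally because only request PDUs count as polling.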


