Thread: SNMP Broadcast

  1. #1
    Junior Member
    Join Date
    Jun 2002

    SNMP Broadcast

    Does anyone know of a worm or a hack that uses SNMP Broadcast on port 161 on a Windows NT 4 service pack 6a machine? I am picking up about 4 broadcasts a minute on the snort logs coming from the NT 4 server. The broadcast is flooding the entire network and has been occurring for about a week and a half now. The broadcast address is and on the machine, and the SNMP packets originate from ports ranging from 1045-4976, and broadcast in sequential order, but not exactly 1045, 1046, 1047. It is more like 1045, 1051, 1066, 1101, ... and so forth. Any help would be appreciated.

  2. #2
    Join Date
    Dec 2003
    Install tcpview and see what running services/apps are broadcasting.

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    Did you install any HP JetAdmin software? This seems to continuously broadcast SNMP messages in order to find 'new' printers. You can easily tweak these settings.

    If that doesn't work, capture the packets using a sniffer and look at the MIB it's trying. This may give you some more clues.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
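
The last reply's suggestion of reading which MIB objects the broadcasts ask for can be done offline once a UDP/161 payload has been saved from a sniffer. The following is an added example, not part of the original thread: it assumes an SNMPv1/v2c message (SNMPv3 is framed differently), and the function names and the sample packet are constructed for illustration.

```python
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest"}

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    """Decode OID content bytes to dotted form (assumes first arc is 0 or 1, as in 1.3...)."""
    arcs, value = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:
        value = (value << 7) | (b & 0x7F)   # base-128, high bit marks continuation
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_snmp(payload):
    """Return version, community, PDU type and the OIDs named in the varbind list."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message: no outer SEQUENCE")
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    pos = 0
    for _ in range(3):                      # request-id, error-status, error-index
        _, _, pos = read_tlv(pdu, pos)
    _, varbinds, _ = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbinds):
        _, varbind, pos = read_tlv(varbinds, pos)
        oids.append(decode_oid(read_tlv(varbind, 0)[1]))
    return {"version": int.from_bytes(version, "big"), "community": community.decode("latin-1"),
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)), "oids": oids}

# Constructed sample: SNMPv1 GetRequest, community "public", sysDescr.0 and sysName.0.
SAMPLE = bytes.fromhex("3034020100" "04067075626c6963" "a027020101020100020100" "301c"
                       "300c06082b060102010101000500" "300c06082b060102010105000500")
```

Calling `parse_snmp(SAMPLE)` returns the community string and the requested OIDs. OIDs under 1.3.6.1.2.1.43 (Printer MIB) or 1.3.6.1.4.1.11 (Hewlett-Packard's enterprise subtree) would be consistent with printer discovery software rather than a worm.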
