Very Urgent! Strange msg in /var/log/messages
Friends,
We have RHEL AS 3.0 [2.4.21-4.ELsmp] with Oracle 9i. Daily I check tail -100 /var/log/messages. Today I saw in the messages:

Jul 27 08:34:03 prodb ucd-snmp[1157]:Received SNMP packet(s) from 166.34.2.144
Jul 27 08:34:06 prodb ucd-snmp[1157]:/proc/stat buffer increased to 384
Jul 27 08:34:06 prodb ucd-snmp[1157]:/proc/stat buffer increased to 640
Jul 27 08:34:06 prodb ucd-snmp[1157]:/proc/stat buffer increased to 896

166.34.2.144 is one of our colleague's IPs. What is this message? What do I have to do now? Please advise me.

Thanks
Sathyguy
Do you have physical access to your colleague's system? Why not search for the sending program there?
I didn't understand.
Is there any program from my colleague's PC that is trying to contact our server? He is using WinXP.
Yup, that's what I mean. Try Fport from Foundstone to find listening programs. You might also simply do netstat. It can even be Windows XP itself. Try to turn off the SNMP querying in Windows. The bad thing is I really don't know if Windows has SNMP querying and I don't know how to turn it off.
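
Added example, not part of the thread: a small shell function that tallies which hosts the SNMP agent logged packets from, reading syslog lines in the format quoted in the first post. The function names and the second source address (192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize the sources of "Received SNMP packet(s)" entries
# so an unexpected poller stands out from the known management hosts.

# Constructed sample in the same format as the lines quoted in the post.
# 192.0.2.10 is a made-up documentation address, not taken from the thread.
sample_log() {
cat <<'EOF'
Jul 27 08:34:03 prodb ucd-snmp[1157]:Received SNMP packet(s) from 166.34.2.144
Jul 27 08:34:06 prodb ucd-snmp[1157]:/proc/stat buffer increased to 384
Jul 27 08:39:03 prodb ucd-snmp[1157]:Received SNMP packet(s) from 166.34.2.144
Jul 27 09:02:11 prodb ucd-snmp[1157]:Received SNMP packet(s) from 192.0.2.10
EOF
}

# snmp_sources: read syslog text on stdin and print one line per source:
#   <source> count=<n> first="<timestamp>" last="<timestamp>"
# Sources are listed in order of first appearance. Other agent messages
# (such as the /proc/stat buffer notices) are ignored.
snmp_sources() {
    awk '
    /ucd-snmp\[[0-9]+\]: *Received SNMP packet\(s\) from / {
        src = $NF                      # source address is the last field
        ts  = $1 " " $2 " " $3         # syslog timestamp: month day time
        if (!(src in count)) { first[src] = ts; order[++n] = src }
        count[src]++
        last[src] = ts
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            printf "%s count=%d first=\"%s\" last=\"%s\"\n", s, count[s], first[s], last[s]
        }
    }'
}

sample_log | snmp_sources
```

On a live system, feed it the real log instead of the sample: snmp_sources < /var/log/messages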