specific-trap?
I noticed some unwarranted disk activity a minute ago and decided to tcpdump the network to see if something funny was going on. This is what I get:
Code:
17:24:22.700042 192.168.1.1.24433 > temple.flatland.org.snmptrap: Trap(35) E:3
Does anybody know what this traffic is? You think I've been cracked?
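Added example (not from the thread): a small Python script that parses tcpdump's one-line SNMPv1 trap summary, as in the capture above, and counts traps per source over a sliding window, so a burst like the one described can be measured from a saved capture instead of inferred from disk noise. It relies on tcpdump abbreviating the enterprise OID prefix 1.3.6.1.4.1 as "E:"; the sample lines, timestamps and the second host are constructed.

```python
import re
from collections import defaultdict

# tcpdump's one-line summary of an SNMPv1 trap, as seen in the capture above:
#   17:24:22.700042 192.168.1.1.24433 > temple.flatland.org.snmptrap: Trap(35) E:3
# "Trap(35)" is the PDU length; "E:3" is the enterprise OID with tcpdump's
# shorthand for the 1.3.6.1.4.1 (enterprises) prefix.
TRAP_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\.(?P<sport>\w+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>\w+):\s+"
    r"Trap\((?P<length>\d+)\)\s+E:(?P<ent>[\d.]+)"
)

ENTERPRISES_PREFIX = "1.3.6.1.4.1."


def parse_trap(line):
    """Return a dict for a tcpdump SNMP trap line, or None for anything else."""
    m = TRAP_RE.match(line)
    if not m:
        return None
    h, mnt, s = m.group("ts").split(":")
    return {
        "ts": int(h) * 3600 + int(mnt) * 60 + float(s),  # seconds since midnight
        "src": m.group("src"),
        "sport": m.group("sport"),
        "dst": m.group("dst"),
        "dport": m.group("dport"),
        "length": int(m.group("length")),
        "enterprise": ENTERPRISES_PREFIX + m.group("ent"),
    }


def summarize(lines, window=1.0, threshold=10):
    """Count traps per source and the peak number inside any `window` seconds.
    A source whose peak reaches `threshold` is flagged as a flood; this turns
    "there were a lot" into a number you can act on (e.g. when picking a
    rate limit)."""
    by_src = defaultdict(list)
    for trap in filter(None, map(parse_trap, lines)):
        by_src[trap["src"]].append(trap["ts"])
    report = {}
    for src, times in by_src.items():
        times.sort()
        peak, lo = 0, 0
        for hi in range(len(times)):  # sliding window over sorted timestamps
            while times[hi] - times[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        report[src] = {"count": len(times), "peak_in_window": peak,
                       "flood": peak >= threshold}
    return report


def constructed_capture():
    """Constructed tcpdump excerpt (not a real capture): 30 traps from the LAN
    gateway within about a quarter second, one lone trap from another host,
    and one unrelated DNS line that the parser must ignore."""
    lines = [
        f"17:24:22.{700042 + i * 9000:06d} 192.168.1.1.24433 > "
        f"temple.flatland.org.snmptrap: Trap(35) E:3"
        for i in range(30)
    ]
    lines.append("17:24:40.100000 192.168.1.77.1029 > "
                 "temple.flatland.org.snmptrap: Trap(41) E:9.1")
    lines.append("17:24:41.000000 192.168.1.77.1030 > "
                 "temple.flatland.org.domain: 1234+ A? example.com. (29)")
    return lines


if __name__ == "__main__":
    for src, info in sorted(summarize(constructed_capture()).items()):
        flag = "FLOOD" if info["flood"] else "ok"
        print(f"{src:15} traps={info['count']:3} "
              f"peak/1s={info['peak_in_window']:3} {flag}")
```

Traps go to UDP port 162 (snmptrap); with no snmpd or trap receiver listening, the kernel simply discards them, so a burst like this is noise on the wire rather than a way in, but the per-source peak is the number you want when deciding on a LOG rate limit or when looking at the router's SNMP settings.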
I doubt you're being cracked using SNMP. What do snmpd's logs say?
I don't even have snmpd running. I was thinking that they could be some kind of malformed packets or something... but I don't really know how flexible the SNMP protocol/packet is.
Maybe it was an attempted D.o.S.? My disk activity was up until the instant I brought down the interface, that's why I thought they might be on my system... I just can't figure out why the heck I was getting SOO many of those packets (there were a lot). I'm running a Linksys router, and I've read about some vulnerabilities on them with the SNMP protocol... I could be way off here though. What do you think?
Thanks. It looks like I'm gonna have to play w/ the Linksys a bit when I get some time. I know that I had disabled PnP...
I think that the disk activity was probably from klogd, I didn't have a BURST limit in my tables. <Got attacked again last night> Ok, so even if I let this come through the Linksys (which I hopefully won't), is the DoS vulnerability really a security issue with me? Am I wrong in assuming that DoS attacks only pose a threat to the attacked port? Or is it a threat to any port? What about if it's all caught by iptables?
Quote: Is the DoS vulnerability really a security issue with me?
You can't classify the SNMP reporting/probing as a DoS unless it would severely bog down your connections. For classifying it as a threat to your Linksys and any boxen receiving SNMP you would need to first review the passwds, community strings etc etc.
Quote: Am I wrong in assuming that DoS attacks only pose a threat to the attacked port?
DoS stands for "Denial of Service" and it can mean different things, from someone being able to clog up your network connections or bogging down the box with processes to being able to make the box do things you didn't authorize. There are some links in the first sticky thread of this forum (post #2) about DoS and DDoS, I suggest you read 'em.
Thank you... I'll do just that (read the links).