By Spike
Feb 15, 2005
  1. Could someone please tell me what they Simple Network Management Protocol is all about, how it can be used, and in particular, why a remote machine carrying the IP would be originating a request to my machine?

    I'll happily admit that I don't know anything about this protocol, but I've rarely seen it and I've just visited an interesting page at that looked like it was scripted to attempt to change my homepage and serve me advertisements. Clearly, I'm wondering if the two might be related.
  2. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    It's a protocol that allows you to ask data from a device and also send data to a device. In plain, you can control things with it.

    It is normally used to monitor and control networking gear like routers and switches.
    Of course it can be used to transmit any data and perform any actions if the server supports it (by design or not).

    You were most likely hit by a generic scan over a range of IP addresses looking for open SNMP ports and potentially vulnerable servers behind it.

    If the access was blocked then don't sweat about it. You should be looking at traffic that actually gets through, not the normal internet background radiation.
  3. Spike

    Spike TS Evangelist Topic Starter Posts: 2,168

    Many thanks for than Nodsu! Very helpful.

    I do tend to look at the traffic that gets through, but as this was the first time my firewall had encountered a rewuest for the service, It struck me as strange, and so I blocked the traffic.

    What I did wonder, was that perhaps it was possible that my computer had picked up something from a site that offered me a page called shp.php containing

    amongst a variety of other ads and pages.

    I thought that perhaps the SNMP request may have been initiated by something my machine may have downloaded when it decided to visit these pages. I don't get this sort of thing often these days.

    The only reaso these things particularly bother me is that I've found that quite often, the damage from hijacks or spyware isn't too great a problem until you reboot the machine, and so catching it quickly can save a lot of hassle. I may be wrong about this, but it's what my experience so far seems to indicate.

    Many thanks.
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Obviously some rotter who wants to change your home-page. Put him and its IP on the blacklist if you can, in Windows put them in your HOSTS file.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...