Re: Strange attacks in my log
- Date: Thu, 21 Feb 2019 10:17:01 -0000 (UTC)
- From: Dan Purgert <dan@xxxxxxxx>
- Subject: Re: Strange attacks in my log
-----BEGIN PGP SIGNED MESSAGE-----
> Hi folks,
> I discovered some strange log entries, which are created by
> "portsentry" (a tool for wathing port accesses).
> It looks like whenever I insert an USB-drive or a SD-Card, the own
> system wants to access on an UDP-Port (69 or 161). It tries also to
> access all other computers in the network.
UDP 161 is used for SNMP (Simple Network Management Protocol) -- well,
it's "assigned" to that protocol, but like TCP port 53 (DNS over TCP),
it may not be used all that much.
UDP 69 is TFTP.
> This looks strange for me, because I can not reproduce, why inserting
> a memeory device, network activies are started. [...]
Could be triggering some service on the machine in question. What OS is
the host you're plugging this card into running?
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281