Web lists-archives.com

Re: Strange attacks in my log




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hans wrote:
> Hi folks,
>
> I discovered some strange log entries, which are created by
> "portsentry" (a tool for wathing port accesses).
>
> It looks like whenever I insert an USB-drive or a SD-Card, the own
> system wants to access on an UDP-Port (69 or 161). It tries also to
> access all other computers in the network. 

UDP 161 is used for SNMP (Simple Network Management Protocol) -- well,
it's "assigned" to that protocol, but like TCP port 53 (DNS over TCP),
it may not be used all that much.

UDP 69 is TFTP.

>
> This looks strange for me, because I can not reproduce, why inserting
> a memeory device, network activies are started. [...]

Could be triggering some service on the machine in question. What OS is
the host you're plugging this card into running?


-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBcqaUD8uEzVNxUrujhHd8xJ5ooEFAlxuepwACgkQjhHd8xJ5
ooHnQwf/TrmqKAeLc1zkKWfs1Oykk2t+HvD8DixH6380c3HHLIL0Wxp1IsxMEV7N
AsdFmYygp2KFzo+CqzhIdYQkN2mV2DikkQEeMsgoJCTSCEGk5c9shSnSjjErH3J0
+y8xMfGD8edRD/rLfbmoqWsHjzthEfhPDLQNvi7YtVlssfL6/MR9F8sv6mYUiTQR
HE8YN276x47ytVBDIsfX1yvaxpxt51Zg3bdVPNWBfO2r79DuHJaaSykv8lB/VT3F
3Aj/+u78ZkhSlhJvN3JajZIbvOg9nXGSpNZRa4KFKCrKVXvJw6+zT4vaa3/B4Bvx
TTGV94s/vF4OKPtUpK3piEDEejTroQ==
=or9p
-----END PGP SIGNATURE-----

-- 
|_|O|_| 
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281