
Re: Strange attacks in my log


On Thu, Feb 21, 2019 at 05:29:56PM +0100, Hans wrote:
> Am Donnerstag, 21. Februar 2019, 16:46:42 CET schrieb Reco:
> Yes, worked. However, I did not find anything unusual, however, putting a stick in 
> is starting "colord-sane", which will explain the UDP request.

Judging from the whopping 151 lines of the source of this colord-sane -
it cannot explain UDP.
Just a wild guess, though. Do you have HPLIP installed?

Oh, can I see the audit please? Unless it's private and all that.

> This does not explain, why a sd-card or usb-stick is calling this.


> The only explanation I have, is that the kernel starts some module, which acts 
> as watched. 

Nope. See, neither the kernel itself nor its modules have an SNMP
implementation. Kernel can send broadcasts if told to. Kernel can
receive an answer to these broadcasts.
But nothing in the kernel can talk or understand SNMP.
It definitely was some userspace program.

> I wonder why no one else noticed this behaviour, as this looks like a "normal" 
> behaviour on all systems.

How many people run portsentry?
How many actually watch for the packets that are outgoing from the host?