Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

SNMP Failed Auth - Multiple Hosts

Hi,

I am receiving many reports from switches across my LAN reporting that different PC's are attemping SNMP queries.

They are not getting any information back, but I curious as to what is causing this traffic.

I have run port scans against the hosts, which are Windows 2000 PC's. There are the usual ports open and no strange processes running on these machines.

Any help or a nudge in the right direction would be appreciated !! This problem is more irritating than anything at the moment, but I would like to nip it in the bud, just incase it turns out to be something sinister.

Thanks

Greg

3 REPLIES
Hall of Fame Super Silver

Re: SNMP Failed Auth - Multiple Hosts

Greg

There are not many specifics in your message to work with. But one observation I have is that many Windows PCs will do an SNMP query to validate network attached printers.

Can you get some more information, especially what is the destination address of the SNMP packets. Once you know what they are trying to talk to you will be in a better position to know whether this is something to worry about or not.

HTH

Rick

New Member

Re: SNMP Failed Auth - Multiple Hosts

Well,

The I havn't checked the PC's for attached printers, but we use local ports for connecting to printers. IP or Shared.

I have checked for random installations of JetAdmin on the machine as well.

It's a regular 5 - 6 switches that are being probed.

It seems so random though. I know that I need to gather more information, ie, are the pc's in the same area, is this a common user etc....

Hence the original post, just looking for ideas, so thanks for the printer's, I will check that as well.

New Member

Re: SNMP Failed Auth - Multiple Hosts

This may be a shot in the dark, but do you have network printers installed with maybe HP Jetadmin software on PCs? Alot of time the software will try to "discover" snmp enabled devices (printers) on your network.

Also you could set up a sniffer and look for the OID in the GET requests , the OID should lead you in the right direction. If you know that you users are not doing anything wierd then you could just set it up on a "suspect" PC and monitor the outgoing traffic (snmp queries).

233
Views
0
Helpful
3
Replies
CreatePlease to create content