vernono2000
MIS
I have noticed this behaviour in the firewall logs.The machine is a windows 2000 professional behind a firewall.
Very regularly, it sends out a UDP packet to an external address on the internet like this --> internalIPort1027 destination externalIPort 161; the packets are always the same size.I understand SNMP uses this port , but after looking up the external IP in whois, I see no reason at all that the win2k machine should be doing this. In the meantime, I have scanned this machine for trojan programs, which turned up negative.Also, I have blocked these packets at the firewall so they are being dropped and I do not notice any other suspicious traffic to or from this machine to the internet .
Very regularly, it sends out a UDP packet to an external address on the internet like this --> internalIPort1027 destination externalIPort 161; the packets are always the same size.I understand SNMP uses this port , but after looking up the external IP in whois, I see no reason at all that the win2k machine should be doing this. In the meantime, I have scanned this machine for trojan programs, which turned up negative.Also, I have blocked these packets at the firewall so they are being dropped and I do not notice any other suspicious traffic to or from this machine to the internet .