Re: blocking incoming udp packets

---

• From: comphelp@xxxxxxxxx (Todd H.)
• Date: Wed, 09 Jul 2008 22:14:13 -0500

---

JClark <jclark@xxxxxxxxxxxxxx> writes:

On Wed, 09 Jul 2008 13:06:15 -0500, comphelp@xxxxxxxxx (Todd H.)
wrote:

JClark <jclark@xxxxxxxxxxxxxx> writes:

Returning to the original question, a summary, as I see it (not
necessarily correctly):

It seems the router is sending udp packets to 255.255.255.255 (both
source and destination ports = 520, or to 192.168.1.255 (source port
ranging from 7000 to 7259, and destination port 162.

I have no idea what this all means.

UDP 162 is the SNMP trap port. If you're not familiar with simple
network management protocol, this traffic to 162 may simply be the
network device attempting to send traps to be logged by an SNMP
management station.

UDP 520 is RIP routing. The router is advertising routes with this
exceedingly simple, easy to spoof protocol.

Both should be functionality that can be disabled in the source
network device.

Best Regards,

Todd,
Some good news. I was able to disable RIP routing in the router, and
now all the traffic over UDP 520 has stopped.
Now I need to work on the SNMP 162. It isn't quite as clear.
But it seems I'm on the right track.
Many thanks again.

Disabling SNMP in general on the device is a good idea if you're not
using it. Did I miss in this thread where the make/model of the
router was mentioned?


--
Todd H.
http://www.toddh.net/
.

---

• Follow-Ups:
  • Re: blocking incoming udp packets
    • From: JClark

• References:
  • blocking incoming udp packets
    • From: JClark
  • Re: blocking incoming udp packets
    • From: VanguardLH
  • Re: blocking incoming udp packets
    • From: JClark
  • Re: blocking incoming udp packets
    • From: VanguardLH
  • Re: blocking incoming udp packets
    • From: JClark
  • Re: blocking incoming udp packets
    • From: Todd H.
  • Re: blocking incoming udp packets
    • From: JClark

• Prev by Date: Re: blocking incoming udp packets
• Next by Date: Re: Double Encryption!!!
• Previous by thread: Re: blocking incoming udp packets
• Next by thread: Re: blocking incoming udp packets
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: blocking incoming udp packets ... It seems the router is sending udp packets to 255.255.255.255 (both ... and destination port 162. ... UDP 162 is the SNMP trap port. ... network device attempting to send traps to be logged by an SNMP ... (comp.security.firewalls) Re: blocking incoming udp packets ... It seems the router is sending udp packets to 255.255.255.255 (both ... and destination port 162. ... UDP 162 is the SNMP trap port. ... network device attempting to send traps to be logged by an SNMP ... (comp.security.firewalls) Re: blocking incoming udp packets ... It seems the router is sending udp packets to 255.255.255.255 (both ... and destination port 162. ... UDP 162 is the SNMP trap port. ... network device attempting to send traps to be logged by an SNMP ... (comp.security.firewalls) RE: DSL Modem or Router Cracked? ... first set up my Linksys cable/DSL router, I noticed it was sending out quite ... a bit of SNMP trap traffic, it appeared to be a periodic update on the ... I seem to recall these packets being sent at a rate ... DSL Modem or Router Cracked? ... (Incidents) Re: Linux vs LinkSys 4 port Cable router ... As far as SNMP logging is concerned, ... shed some light on this particular router. ... > It also doesn t talk about any of its SNMP capabilities. ... (comp.security.firewalls)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.firewalls  > 2008-07