Looks like HP OpenView or some other network management tool with auto-discovery turned on is wasting bandwidth on your corporate network.

(And I say that because...) 161 is SNMP's port number. It's happening at regular intervals. 172.16.0.0/20 is private address space reserved IP's. And... I've seen the same thing in my logs at work when someone misconfigured HP OpenView.

On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote:
> Can anyone tell me what this person is looking for here, and how I
> can find out where this is coming from?
>
> Security Violations
> =-=-=-=-=-=-=-=-=-=
> Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17
> xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x0000 T=127 (#43)
> Dec 31 11:06:53 tower kernel: Packet log: output REJECT eth0 PROTO=17
> xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7712 F=0x0000 T=127 (#43)
> Dec 31 11:06:59 tower kernel: Packet log: output REJECT eth0 PROTO=17
> xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7713 F=0x0000 T=127 (#43)
> Dec 31 11:07:06 tower kernel: Packet log: output REJECT eth0 PROTO=17
> xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7716 F=0x0000 T=127 (#43)
> Dec 31 11:07:13 tower kernel: Packet log: output REJECT eth0 PROTO=17
> xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7724 F=0x0000 T=127 (#43)
> Dec 31 11:07:19 tower kernel: Packet log: output REJECT eth0 PROTO=17
> xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7725 F=0x0000 T=127 (#43)
>
> I've been unable to track it down. I've had pages and pages of this
> every hour since early yesterday, always coming from the same IP, to
> the same port.
>
> TIA,
> jdk

-- 
Nate Duehr <[EMAIL PROTECTED]>

GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.
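
An added example, not part of the original messages: a parser for the ipchains packet-log lines quoted above that groups rejects by flow and reports the three things the reply relies on (UDP port 161, a private destination address, evenly spaced hits). The source address 192.0.2.10 stands in for the redacted one, and the year 2000 and the 25% jitter threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address
from statistics import mean, pstdev

# ipchains "Packet log:" line: chain, action, interface, protocol, src:port, dst:port
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: Packet log: (?P<chain>\S+) "
    r"(?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) ")

# Constructed sample: timestamps and destination as in the quoted log, unwrapped;
# 192.0.2.10 is a placeholder for the redacted source address.
SAMPLE = """\
Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x0000 T=127 (#43)
Dec 31 11:06:53 tower kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7712 F=0x0000 T=127 (#43)
Dec 31 11:06:59 tower kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7713 F=0x0000 T=127 (#43)
Dec 31 11:07:06 tower kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7716 F=0x0000 T=127 (#43)
Dec 31 11:07:13 tower kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7724 F=0x0000 T=127 (#43)
Dec 31 11:07:19 tower kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7725 F=0x0000 T=127 (#43)
"""

def summarize(text, year=2000):
    """Group log hits by flow and describe each flow's timing and target."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not an ipchains packet-log line
        # syslog timestamps carry no year; it is supplied by the caller (assumption)
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["chain"], m["src"], m["dst"], int(m["proto"]), int(m["dport"]))
        flows[key].append(when)
    report = []
    for (chain, src, dst, proto, dport), times in flows.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report.append({
            "chain": chain, "src": src, "dst": dst, "hits": len(times),
            "snmp": proto == 17 and dport == 161,        # UDP to the SNMP port
            "dst_private": ip_address(dst).is_private,   # private address space
            "mean_gap": mean(gaps) if gaps else None,
            # evenly spaced: jitter within 25% of the mean gap (assumed threshold)
            "periodic": len(gaps) >= 3 and pstdev(gaps) <= 0.25 * mean(gaps),
        })
    return report

if __name__ == "__main__":
    for flow in summarize(SAMPLE):
        print(flow)
```

The `chain` field is worth reading alongside the rest: these entries were logged on the `output` chain, so the rejected packets were leaving through `tower` rather than arriving at it.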

