I am using blackice on a computer at school, and I keep getting snmp probes from computers in another department on campus. I don't think that they are trying to hack me, it is just strange that these same 4 or 5 computers do a snmp port probe on my machine on a daily basis. Maybe they have somehing configured wrong?

Simple Network Management Protocol (SNMP) An Internet standard for monitoring and configuring network devices. You are likely part of an SNMP network there at school composed of management systems and agents.

Take a look here: http://webopedia.internet.com/TERM/S/SNMP.html

[This message has been edited by CMonster (edited 03-25-2000).]

Thanks Cmonster. I kind of understand what it is now. There are probably thousands of computers on our campus, why would only these 5 or so computers be probing me for snmp?

they r no doubt your servers

I don't think that they are my servers. These computers that are doing this are all in the education department. I have had BID running for several months, and this just started showing up a week or two ago.

They may not be specifically targeting "your" computer - it may be a broadcast type probe

Here are a few RFC's if you want to learn ALOT about SNMP.

RFC 1089 - SNMP over Ethernet
RFC 1140 - IAB Official Protocol Standards
RFC 1147 - Tools for Monitoring and Debugging TCP/IP
Internets and Interconnected Devices
[superceded by RFC 1470]
RFC 1155 - Structure and Identification of Management
Information for TCP/IP based internets.
RFC 1156 (H)- Management Information Base Network
Management of TCP/IP based internets
RFC 1157 - A Simple Network Managment Protocol
RFC 1158 - Management Information Base Network
Management of TCP/IP based internets: MIB-II
RFC 1161 (H)- SNMP over OSI
RFC 1187 - Bulk Table Retrieval with the SNMP
RFC 1212 - Concise MIB Definitions
RFC 1213 - Management Information Base for Network Management
of TCP/IP-based internets: MIB-II
RFC 1215 (I)- A Convention for Defining Traps for use with the SNMP
RFC 1224 - Techniques for Managing Asynchronously-Generated Alerts
RFC 1270 (I)- SNMP Communication Services
RFC 1303 (I)- A Convention for Describing SNMP-based Agents
RFC 1470 (I)- A Network Management Tool Catalog
RFC 1298 - SNMP over IPX
RFC 1418 - SNMP over OSI
RFC 1419 - SNMP over IPX

Could it be the administrators doing packet scanning? Maybe they are running diagnostics on the network, snmp is one of the tools you can use. Which computers are using it?

Ho man

SNMP Probe is a respond like when you ping, you have a reply

sound like There is a SNMP serve that request information form your PC and the request is accepted by your system

SNMP is used for diagnostic and can reveal a lot of informations from your PC

It's a matter to load the correct MIB and people can spy your activity

Best way, is to uninstall the SNMP Service from your computer
SNMP use the 161 and 162 for the reply - check you winsock on the port

If you have LAN printers setup for SNMP communities that also work off a Boot P server then you could be recieving packets from nearby LAN printers. Was there an outage recently that would have forced printers in your area to power cycle or restart?

Yes It can be many things
As a reminder, Snmp is a diadnostic protocol use for many purpose and is included in many devices Router RAID Printer SWITCHES etc...

Off course, it can be just a printer