Re: Strange attacks in my log

To: debian-user@lists.debian.org
Subject: Re: Strange attacks in my log
From: Dan Purgert <dan@djph.net>
Date: Thu, 21 Feb 2019 10:17:01 -0000 (UTC)
Message-id: <[🔎] slrnq6sukt.idk.dan@djph.net>
References: <[🔎] 1876608.oeroLzc2Yz@protheus2>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hans wrote:
> Hi folks,
>
> I discovered some strange log entries, which are created by
> "portsentry" (a tool for wathing port accesses).
>
> It looks like whenever I insert an USB-drive or a SD-Card, the own
> system wants to access on an UDP-Port (69 or 161). It tries also to
> access all other computers in the network. 

UDP 161 is used for SNMP (Simple Network Management Protocol) -- well,
it's "assigned" to that protocol, but like TCP port 53 (DNS over TCP),
it may not be used all that much.

UDP 69 is TFTP.

>
> This looks strange for me, because I can not reproduce, why inserting
> a memeory device, network activies are started. [...]

Could be triggering some service on the machine in question. What OS is
the host you're plugging this card into running?


-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBcqaUD8uEzVNxUrujhHd8xJ5ooEFAlxuepwACgkQjhHd8xJ5
ooHnQwf/TrmqKAeLc1zkKWfs1Oykk2t+HvD8DixH6380c3HHLIL0Wxp1IsxMEV7N
AsdFmYygp2KFzo+CqzhIdYQkN2mV2DikkQEeMsgoJCTSCEGk5c9shSnSjjErH3J0
+y8xMfGD8edRD/rLfbmoqWsHjzthEfhPDLQNvi7YtVlssfL6/MR9F8sv6mYUiTQR
HE8YN276x47ytVBDIsfX1yvaxpxt51Zg3bdVPNWBfO2r79DuHJaaSykv8lB/VT3F
3Aj/+u78ZkhSlhJvN3JajZIbvOg9nXGSpNZRa4KFKCrKVXvJw6+zT4vaa3/B4Bvx
TTGV94s/vF4OKPtUpK3piEDEejTroQ==
=or9p
-----END PGP SIGNATURE-----

-- 
|_|O|_| 
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Reply to:

References:
- Strange attacks in my log
  - From: Hans <hans.ullrich@loop.de>

Prev by Date: Re: Strange attacks in my log
Next by Date: Re: Strange attacks in my log
Previous by thread: Re: Strange attacks in my log
Next by thread: control the order of service initialization in the Debian 9
Index(es):
- Date
- Thread