cannot "demystify" notification message


  • cannot "demystify" notification message

    Hello,
    Yesterday I received weird messages from the UPS management interface.
    It happened twice, each time about 10 messages in 3 seconds, and they did not appear again. It never happened before.

    10.0.0.3 is the domain controller machine in a small office (I am sure no one logged in to this machine yesterday). Unless it was hacked and a hacker tried to log in to the UPS interface. No jokes - the network is well protected.

    But how to explain: Informational - System: Detected an unauthorized user attempting to access the SNMP interface from 169.254.86.78.

    What could it be?

    Thanks.

    1.
    Subject: System: Detected an unauthorized user attempting to access the SNMP interface f

    Message body:
    v1
    Name : Company_ UPS
    Location : far_away
    Contact : ABC_UPS

    http://UPS_NAME
    http://10.0.0.51
    Serial # : ZA0607020281
    Device Ser #: QS0642110824
    Date: 10/19/2010
    Time: 18:33:12
    Code: 0x0004
    Informational - System: Detected an unauthorized user attempting to access the SNMP interface from 10.0.0.3.

    2. with the same subject as 1.

    v1
    Name : Kyard UPS
    Location : far_away
    Contact : ABC_UPS
    http://UPS_NAME
    http://10.0.0.51

    Serial # : ZA0607020281
    Device Ser #: QS0642110824
    Date: 10/19/2010
    Time: 16:57:17
    Code: 0x0004

    Informational - System: Detected an unauthorized user attempting to access the SNMP interface from 169.254.86.78.
    "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

  • #2
    Re: cannot "demystify" notification message

    I wouldn't worry about it. Firstly, that IP address is an APIPA address. Also, the connection has been made from the DC. This though doesn't mean someone had authenticated from the console, as they would need "interactive logon rights" or be a domain admin to do so. Secondly, SNMP isn't an intelligent protocol and is rather "chatty". Because it's connectionless, what you probably saw was just some broadcast traffic attempting to talk to the interface. Is that DC dual-homed?


    • #3
      Re: cannot "demystify" notification message

      1 NIC connected to the switch.
      How could an APIPA address appear?
      I thought the same as what you are saying, but since I saw this for the first time on this network, it was weird.

      Thanks for your input.
      "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

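For triaging alerts like the ones quoted in this thread, here is an added example (not part of the original posts, and not vendor code) that parses the notification bodies, labels each source address, and groups alerts into bursts. The sample bodies are constructed from the field layout shown above, and the MM/DD/YYYY date format and the 3-second window are assumptions taken from the quoted messages.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample bodies: same field layout as the two notifications quoted
# in the thread; the extra timestamps are invented to form bursts.
TEMPLATE = ("Date: 10/19/2010\nTime: {t}\nCode: 0x0004\n\n"
            "Informational - System: Detected an unauthorized user attempting "
            "to access the SNMP interface from {src}.")
SAMPLES = [TEMPLATE.format(t=t, src=s) for t, s in [
    ("16:57:17", "169.254.86.78"), ("16:57:18", "169.254.86.78"),
    ("16:57:19", "169.254.86.78"), ("18:33:12", "10.0.0.3"),
    ("18:33:13", "10.0.0.3")]]

EVENT_RE = re.compile(
    r"Date:\s*(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+Time:\s*(?P<time>\d{2}:\d{2}:\d{2})"
    r"\s+Code:\s*(?P<code>0x[0-9A-Fa-f]+).*?SNMP interface from\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})", re.S)

def parse(body):
    """Return {'when', 'code', 'src'} for one notification body, or None."""
    m = EVENT_RE.search(body)
    if not m:
        return None
    # Assumption: dates are MM/DD/YYYY, as in the quoted 10/19/2010.
    when = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %H:%M:%S")
    return {"when": when, "code": m["code"], "src": m["src"]}

def classify(src):
    """Label the source address; link-local is tested first because
    ipaddress also reports 169.254.0.0/16 as private."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return "invalid"
    if ip.is_link_local:
        return "link-local (APIPA)"
    return "private" if ip.is_private else "public"

def bursts(bodies, window=timedelta(seconds=3)):
    """Group alerts per source that fall within `window` of the burst's first alert."""
    events = sorted(filter(None, map(parse, bodies)), key=lambda e: (e["src"], e["when"]))
    out = []
    for ev in events:
        if out and out[-1]["src"] == ev["src"] and ev["when"] - out[-1]["start"] <= window:
            out[-1]["count"] += 1
        else:
            out.append({"src": ev["src"], "kind": classify(ev["src"]),
                        "start": ev["when"], "count": 1})
    return out

if __name__ == "__main__":
    for b in bursts(SAMPLES):
        print(f"{b['start']}  {b['src']:<15}  {b['kind']:<18}  {b['count']} alerts")
```

A link-local source cannot cross a router, so alerts labelled that way originate on the same layer-2 segment as the UPS management card.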