Hi.

On Thu, Feb 21, 2019 at 10:29:49AM +0100, Hans wrote:
> Hi folks,
>
> I discovered some strange log entries, which are created by "portsentry" (a
> tool for watching port accesses).
>
> It looks like whenever I insert an USB-drive or a SD-Card, the own system
> wants to access on an UDP-Port (69 or 161).

udp:69 is TFTP. udp:161 is SNMP.
I can understand udp:161. One of the functions of snmpd is filesystem monitoring, and you have this scanbd thing that implies SANE that implies snmpd.
But establishing TFTP session 'just because' is weird.

> It tries also to access all other computers in the network.

Broadcast, unicast, or ...?

> This looks strange for me, because I can not reproduce, why inserting a
> memory device, network activities are started.
>
> With wireshark I could see, this is "BJNP" (whatever this means)

Curious. Can you share this network dump in pcap format?
As in,

    tcpdump -s0 -w /tmp/69_161.pcap -ni any udp port 69 or udp port 161

> Same happens, when pulling the USB-stick or the sd-card out.
>
> This is, what is in the log:
>
> ---------------- snip ----------
>
> Feb 21 10:14:39 localhost udisksd[13607]: g_object_unref: assertion'G_IS_OBJECT (object)' failed
> Feb 21 10:14:44 localhost scanbd: /usr/sbin/scanbd: no devices, not starting any polling thread

Useless

> Feb 21 10:14:47 localhost portsentry[6172]: attackalert: Connect from host: 192.168.2.117/192.168.2.117 to UDP port: 161

So it's a local SNMP connection, if I get it right?

Reco
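
Added example, not part of the original message: one way to check the two questions raised in the reply, whether each portsentry alert comes from the machine's own address and whether it follows a udisksd event by a few seconds. The log lines are constructed after the ones quoted above; the function name triage, the 30-second window, the year, and treating 192.168.2.117 as this host's address are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the syslog lines quoted in the message.
SAMPLE_LOG = """\
Feb 21 10:14:39 localhost udisksd[13607]: g_object_unref: assertion failed
Feb 21 10:14:47 localhost portsentry[6172]: attackalert: Connect from host: 192.168.2.117/192.168.2.117 to UDP port: 161
Feb 21 10:14:48 localhost portsentry[6172]: attackalert: Connect from host: 192.168.2.117/192.168.2.117 to UDP port: 69
Feb 21 11:30:02 localhost portsentry[6172]: attackalert: Connect from host: 192.168.2.50/192.168.2.50 to UDP port: 161
"""

# timestamp, hostname, program name (optional [pid]), message
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([\w.-]+)(?:\[\d+\])?: (.*)$")
# The value after the slash is taken as the source address.
ALERT = re.compile(r"attackalert: Connect from host: \S+/(\S+) to (UDP|TCP) port: (\d+)")

def triage(log_text, local_addrs, window_s=30, year=2019):
    """Return one dict per portsentry alert, noting whether the source is this
    host and whether a udisksd event preceded it within window_s seconds."""
    media_events, results = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, prog, msg = m.groups()
        # Classic syslog timestamps carry no year; supply one (assumption).
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if prog == "udisksd":
            media_events.append(ts)
        elif prog == "portsentry":
            a = ALERT.search(msg)
            if not a:
                continue
            src, proto, port = a.group(1), a.group(2), int(a.group(3))
            near = any(timedelta(0) <= ts - e <= timedelta(seconds=window_s)
                       for e in media_events)
            results.append({"time": ts, "src": src, "proto": proto, "port": port,
                            "self_originated": src in local_addrs,
                            "after_media_event": near})
    return results

if __name__ == "__main__":
    # local_addrs would normally come from the host's interface list.
    for r in triage(SAMPLE_LOG, local_addrs={"192.168.2.117"}):
        print(r)
```

Alerts that are both self-originated and shortly after a udisksd event point at a local service reacting to the device, while an alert from another address with no nearby media event needs a separate look.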