I constantly get these in the Comodo firewall log, but what does it mean?
How do I get rid of it?
Description: Inbound Policy Violation (Access Denied, IP = *ROUTER IP*, PORT = snmptrap(162))
Protocol: UDP Incoming
Source: *ROUTER IP*:*RANDOM PORT*
Destination: *AN LOCAL IP (NO PC's on that IP)*:snmp(162)
Reason: Network Control Rule ID = *General Block Rule*
I also get some saying port: upnp-mcast(1900)
from another router (connected through two)
What do these mean?
Can I prevent them from appearing in the log?
The SNMP (Simple Network Management Protocol) stuff is probably from one of the routers that has network monitoring turned on. On networks using routers, a system admin can monitor his network by placing what they call MIBs on each piece of equipment that he wants to keep an eye on. If you know how to access the routers so that you can see the router interface, then you can probably turn the SNMP feature off.
For starters, what is the make and model of your routers? If you don’t know how or don’t want to mess with it, then maybe I can go to the manufacturer’s home page, find the documentation on it, and see what a person can do to shut it off.
If you don’t have admin access to the routers then you would have to talk to your system admin as they would be the only ones with access to the routers in which case there is nothing you can probably do about it.
Now, on port 1900: that is UPnP. Those broadcasts are coming from your workstation. Usually you will see ports 1900 and 2869 being broadcast. You have two choices on the UPnP:
1. You can go to Start>Run and type in “services.msc” without the quotes, and once that window comes up, scroll down to “Universal Plug and Play Device Host” and stop the service first, then disable it. Next, on the same list, go to “SSDP Discovery Service” and do the same with it. If the service isn’t running, then just disable it. You might have to disable the SSDP service first, as there is an order you have to follow or it gives you a popup message that you need to disable the other one first. This is normal. If you get a popup, then just go to the other service and disable it first, then go back to the other one and disable it last.
2. Now, if you do what I told you in #1, then you will not have UPnP enabled, and some devices need it to work correctly. If something quits because you disabled the above services, then you will have to leave them running and just live with the firewall alerts. The only thing to do in that case would be to write a rule to allow it, then just don’t check the log checkbox, and you shouldn’t see it in your log anymore. You could also do the same with the SNMP alert: just write a rule to allow it and don’t log it.
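The service steps described in the answer above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original reply; it assumes Windows PowerShell 5 or later and that the two services use their standard short names (`upnphost` for Universal Plug and Play Device Host, `SSDPSRV` for SSDP Discovery).

```powershell
# Added example (not from the original thread). Run from an elevated prompt.
# Assumption: standard Windows service short names for the two services
# named in the answer above.
$services = 'upnphost', 'SSDPSRV'   # UPnP Device Host, then SSDP Discovery

foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "Service '$name' not found on this machine; skipping."
        continue
    }

    # List running services that depend on this one. This is the ordering
    # constraint behind the popup the answer mentions.
    $dependents = $svc.DependentServices | Where-Object Status -eq 'Running'
    if ($dependents) {
        Write-Host "$name has running dependents: $($dependents.Name -join ', ')"
    }

    # Stop it if it is running (-Force also stops running dependents),
    # then disable it so it does not come back after a reboot.
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $name -Force
    }
    Set-Service -Name $name -StartupType Disabled

    # Show the resulting state.
    Get-Service -Name $name | Select-Object Name, Status, StartType
}

# Check: confirm nothing on this workstation is still bound to UDP 1900 (SSDP).
$ssdp = Get-NetUDPEndpoint -LocalPort 1900 -ErrorAction SilentlyContinue
if ($ssdp) {
    $ssdp | Select-Object LocalAddress, LocalPort, OwningProcess
} else {
    Write-Host 'No local UDP 1900 listeners remain.'
}
```

To undo the change, set both services back with `Set-Service -StartupType Manual` and start them again.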