SNMP (get-request unicast vs multicast) vs Windows Serveur 2003

Bonjour,

A ma connaissance, il n'existe pas de mécanisme de sécurité pour bloquer le
broadcast ayant pour cible le service SNMP sous Windows Server 2003.
Je ne vois pas non plus de différences notables entre XP SP2 et 2003 SP1 ou
SP2 à ce niveau.
Etes-vous certain que le PC XP se trouve dans les même conditions réseau que
les serveurs 2003 (switch, hub, routeur...). Si tel est le cas, vous devriez
prendre une trace réseau sur une des machines cibles 2003 afin de bien
vérifier que le broadcast lui parvient

Le NG anglophone est le suivant: microsoft.public.windows.server.networking

--
Marc
[Heureux celui qui a pu pénétrer les causes secrètes des choses]


"agent" <agent@discussions.microsoft.com> wrote in message
news:B276AB55-5481-4262-A9D3-3D69FEEC34D1@microsoft.com...

Bonjour,

j'ai installé un agent SNMP sur un serveur 2003 standard.

Sous XP, cet agent répond parfaitement au commande snmp get-request aussi
bien avec une adresse de destination unicast ou multicast.

Sous Windows Server 2003, l'agent ne répond (renvoie des commandes
get-response) que lorsque qu'il reçoit des commandes get-request avec
comme
adresse de destination l'adresse IP (unicast) de la machine.

Pourquoi cette différence de comportement de l'agent SNMP entre adresse
unicast et multicast sous Windows Serveur 2003 ?

Y a t il un réglage de sécutité particulier contre le broadcast/snmp sous
2003 ?

Les masques de broadcast utilisés sont les suivants :

* 255.255.255.255 ou
* 10.1.1.255

Bilan je n'arrive pas à "decouvrir" les machines 2003 possédant cet agent
sur le réseau grâce au multicast. Je suis obligé d'adresser les machines
une
à une avec leur IP respective.

ps : - suis je sur le bon group pour cette question ?
- quel est le nom du group US (englais) ?

Merci,

Bonjour,

j'utilise wireshark et je vois bien les requêtes SNMP arriver sur le
serveur 2003 quelque soit l'adresse de destination (unicast ou multicast).

Cdt


"Lognoul, Marc (Private)" wrote:

Bonjour,

A ma connaissance, il n'existe pas de mécanisme de sécurité pour bloquer le
broadcast ayant pour cible le service SNMP sous Windows Server 2003.
Je ne vois pas non plus de différences notables entre XP SP2 et 2003 SP1 ou
SP2 à ce niveau.
Etes-vous certain que le PC XP se trouve dans les même conditions réseau que
les serveurs 2003 (switch, hub, routeur...). Si tel est le cas, vous devriez
prendre une trace réseau sur une des machines cibles 2003 afin de bien
vérifier que le broadcast lui parvient

Le NG anglophone est le suivant: microsoft.public.windows.server.networking

--
Marc
[Heureux celui qui a pu pénétrer les causes secrètes des choses]


"agent" <agent@discussions.microsoft.com> wrote in message
news:B276AB55-5481-4262-A9D3-3D69FEEC34D1@microsoft.com...
> Bonjour,
>
> j'ai installé un agent SNMP sur un serveur 2003 standard.
>
> Sous XP, cet agent répond parfaitement au commande snmp get-request aussi
> bien avec une adresse de destination unicast ou multicast.
>
> Sous Windows Server 2003, l'agent ne répond (renvoie des commandes
> get-response) que lorsque qu'il reçoit des commandes get-request avec
> comme
> adresse de destination l'adresse IP (unicast) de la machine.
>
> Pourquoi cette différence de comportement de l'agent SNMP entre adresse
> unicast et multicast sous Windows Serveur 2003 ?
>
> Y a t il un réglage de sécutité particulier contre le broadcast/snmp sous
> 2003 ?
>
> Les masques de broadcast utilisés sont les suivants :
>
> * 255.255.255.255 ou
> * 10.1.1.255
>
> Bilan je n'arrive pas à "decouvrir" les machines 2003 possédant cet agent
> sur le réseau grâce au multicast. Je suis obligé d'adresser les machines
> une
> à une avec leur IP respective.
>
> ps : - suis je sur le bon group pour cette question ?
> - quel est le nom du group US (englais) ?
>
> Merci,
>

Et j'imagine que vous avez déjà (re) vérifié la configuration du service
SNMP (accept from...) et qu'il n'y a pas de firewall en place sur le
serveur.
Si vous scannez avec NMAP par exemple, quel est le statu du port SNMP?
Pouvez-vous poster, si cela n'est pas confidentiel, un export du registre
concernant de la configuration SNMP et la TCP/IP (HKLMCCSServicex)
Le serveur a-t-il subi un "hardening"?

--
Marc
[Heureux celui qui a pu pénétrer les causes secrètes des choses]


"agent" <agent@discussions.microsoft.com> wrote in message
news:6046BF18-97A2-46E8-8BCE-03450ADA7387@microsoft.com...

Bonjour,

j'utilise wireshark et je vois bien les requêtes SNMP arriver sur le
serveur 2003 quelque soit l'adresse de destination (unicast ou multicast).

Cdt


"Lognoul, Marc (Private)" wrote:

Bonjour,

A ma connaissance, il n'existe pas de mécanisme de sécurité pour bloquer
le
broadcast ayant pour cible le service SNMP sous Windows Server 2003.
Je ne vois pas non plus de différences notables entre XP SP2 et 2003 SP1
ou
SP2 à ce niveau.
Etes-vous certain que le PC XP se trouve dans les même conditions réseau
que
les serveurs 2003 (switch, hub, routeur...). Si tel est le cas, vous
devriez
prendre une trace réseau sur une des machines cibles 2003 afin de bien
vérifier que le broadcast lui parvient

Le NG anglophone est le suivant:
microsoft.public.windows.server.networking

--
Marc
[Heureux celui qui a pu pénétrer les causes secrètes des choses]


"agent" <agent@discussions.microsoft.com> wrote in message
news:B276AB55-5481-4262-A9D3-3D69FEEC34D1@microsoft.com...
> Bonjour,
>
> j'ai installé un agent SNMP sur un serveur 2003 standard.
>
> Sous XP, cet agent répond parfaitement au commande snmp get-request
> aussi
> bien avec une adresse de destination unicast ou multicast.
>
> Sous Windows Server 2003, l'agent ne répond (renvoie des commandes
> get-response) que lorsque qu'il reçoit des commandes get-request avec
> comme
> adresse de destination l'adresse IP (unicast) de la machine.
>
> Pourquoi cette différence de comportement de l'agent SNMP entre adresse
> unicast et multicast sous Windows Serveur 2003 ?
>
> Y a t il un réglage de sécutité particulier contre le broadcast/snmp
> sous
> 2003 ?
>
> Les masques de broadcast utilisés sont les suivants :
>
> * 255.255.255.255 ou
> * 10.1.1.255
>
> Bilan je n'arrive pas à "decouvrir" les machines 2003 possédant cet
> agent
> sur le réseau grâce au multicast. Je suis obligé d'adresser les
> machines
> une
> à une avec leur IP respective.
>
> ps : - suis je sur le bon group pour cette question ?
> - quel est le nom du group US (englais) ?
>
> Merci,
>

* "accept SNMP packets from any host"
* firewall off
* SNMP port 161 est UDP donc pas scannable
* netstat -anb renvoie :

UDP 0.0.0.0:161 *:* 2108
[snmp.exe]

* Registry :

************** SNMP

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMP]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:0000000
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
00,6e,00,6d,00,70,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="SNMP Service
"DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,
00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Enables Simple Network Management Protocol (SNMP) requests to
be processed by this computer. If this service is stopped, the computer will
be unable to process SNMP requests. If this service is disabled, any services
that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParameters]
"EnableAuthenticationTraps"=dword:00000001
"NameResolutionRetries"=dword:00000010

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersExtensionAgents]
"1"="SOFTWARE\MON_AGENT\CurrentVersion"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersPermittedManagers]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersRFC1156Agent]
"sysContact"="Custom"
"sysLocation"="public"
"sysServices"=dword:0000004c

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfiguration]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfigurationpublic]
"1"="10.1.1.255"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersValidCommunities]
"public"=dword:00000008

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPSecurity
"Security"=hex:01,00,14,80,b8,00,00,00,c4,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
00,00,02,00,88,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,
00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,
00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,
01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPEnum]
"0"="Root\LEGACY_SNMP\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

************** TCP/IP

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpip]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:0000000
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,
00,73,00,79,00,73,00,00,00
"DisplayName"="TCP/IP Protocol Driver"
"Group"="PNP_TDI"
"DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"Description"="TCP/IP Protocol Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipLinkage]
"Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,46,00,38,
00,37,00,33,00,35,00,44,00,36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,
34,00,34,00,36,00,35,00,2d,00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,
00,45,00,37,00,34,00,38,00,37,00,43,00,46,00,35,00,39,00,7d,00,00,00,5c,00,
44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,
00,30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,
45,00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,
00,46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,
69,00,63,00,65,00,5c,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,49,00,70,
00,00,00,00,00
"Route"=hex(7):22,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,2d,
00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,00,
31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,46,
00,35,00,39,00,7d,00,22,00,00,00,22,00,7b,00,37,00,45,00,42,00,35,00,44,00,
30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,
00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,
46,00,33,00,32,00,36,00,45,00,33,00,7d,00,22,00,00,00,22,00,4e,00,64,00,69,
00,73,00,57,00,61,00,6e,00,49,00,70,00,22,00,00,00,00,00
"Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,
00,69,00,70,00,5f,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,
2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,
00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,
46,00,35,00,39,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,
00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,37,00,45,00,42,00,35,00,44,00,
30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,
00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,
46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,
00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,34,00,43,00,
37,00,36,00,41,00,44,00,31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,
00,35,00,38,00,30,00,2d,00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,
43,00,33,00,31,00,32,00,36,00,45,00,42,00,44,00,37,00,7d,00,00,00,5c,00,44,
00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,
7b,00,38,00,44,00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,
00,30,00,2d,00,34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,
43,00,46,00,30,00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,
00,00,00,00,00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters]
"NV Hostname"="coder58"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"NameServer"=""
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="coder58"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"EnableICMPRedirect"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"EnableSecurityFilters"=dword:00000000
"ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,
00,00,00,00
"EnableTCPA"=dword:00000001
"EnableRSS"=dword:00000001
"EnableTCPChimney"=dword:00000001

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdaptersNdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
00,61,00,63,00,65,00,73,00,5c,00,7b,00,34,00,43,00,37,00,36,00,41,00,44,00,
31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,00,35,00,38,00,30,00,2d,
00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,43,00,33,00,31,00,32,00,
36,00,45,00,42,00,44,00,37,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,
00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,
6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,38,00,44,
00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,00,30,00,2d,00,
34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,43,00,46,00,30,
00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:1c,ad,76,4c,50,49,80,45,97,60,6b,cc,31,26,eb,d7,6b,f7,a2,8d,
30,d9,a5,40,ab,f6,cf,08,8b,3e,cc,95

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,00,30,00,
37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,00,2d,
00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,46,00,
33,00,32,00,36,00,45,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters{F8735D6F-5298-4465-811D-7EDE7487CF59}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
00,61,00,63,00,65,00,73,00,5c,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,
36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,
00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,
37,00,43,00,46,00,35,00,39,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDNSRegisteredAdapters]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{4C76AD1C-4950-4580-9760-6BCC3126EBD7}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:0000000
"IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,32,00,31,00,
00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
00,35,00,2e,00,30,00,00,00,00,0
"DefaultGateway"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,35,00,
34,00,00,00,00,00
"DefaultGatewayMetric"=hex(7):31,00,00,00,00,00
"NameServer"="10.1.1.254"
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,0
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,
33,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000e10
"LeaseObtainedTime"=dword:48565b26
"T1"=dword:4856622e
"T2"=dword:48566774
"LeaseTerminatesTime"=dword:48566936
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{8DA2F76B-D930-40A5-ABF6-CF088B3ECC95}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{F8735D6F-5298-4465-811D-7EDE7487CF59}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:0000000
"IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,32,00,2e,00,32,00,32,00,31,00,
00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
00,35,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,0
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000e10
"LeaseObtainedTime"=dword:48565b39
"T1"=dword:48566241
"T2"=dword:48566787
"LeaseTerminatesTime"=dword:48566949
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersPersistentRoutes]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersWinsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipPerformance]
"Close"="CloseTcpIpPerformanceData"
"Collect"="CollectTcpIpPerformanceData"
"Library"="Perfctrs.dll"
"Open"="OpenTcpIpPerformanceData"
"Object List"="502 510 546 548 582 638 658 1530 1532 1534"
"WbemAdapFileSignature"=hex:5d,72,24,90,c4,74,a3,ab,db,6b,5e,1e,51,f6,85,45
"WbemAdapFileTime"=hex:00,e0,88,4c,df,57,c6,01
"WbemAdapFileSize"=dword:0000b200
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipSecurity]
"Security"=hex:01,00,14,80,b8,00,00,00,c4,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
00,00,02,00,88,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,
00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,
00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,
01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipServiceProvider]
"Class"=dword:00000008
"DnsPriority"=dword:000007d0
"HostsPriority"=dword:000001f4
"LocalPriority"=dword:000001f3
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
77,00,73,00,6f,00,63,00,6b,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"NetbtPriority"=dword:000007d1
"Name"="TCP/IP"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipEnum]
"0"="Root\LEGACY_TCPIP\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

* le 2003 en question est une version Embedded, mais n'a pas subit de
hardening concernant la sécurité.

"Lognoul, Marc (Private)" wrote:

Et j'imagine que vous avez déjà (re) vérifié la configuration du service
SNMP (accept from...) et qu'il n'y a pas de firewall en place sur le
serveur.
Si vous scannez avec NMAP par exemple, quel est le statu du port SNMP?
Pouvez-vous poster, si cela n'est pas confidentiel, un export du registre
concernant de la configuration SNMP et la TCP/IP (HKLMCCSServicex)
Le serveur a-t-il subi un "hardening"?

--
Marc
[Heureux celui qui a pu pénétrer les causes secrètes des choses]


"agent" <agent@discussions.microsoft.com> wrote in message
news:6046BF18-97A2-46E8-8BCE-03450ADA7387@microsoft.com...
> Bonjour,
>
> j'utilise wireshark et je vois bien les requêtes SNMP arriver sur le
> serveur 2003 quelque soit l'adresse de destination (unicast ou multicast).
>
> Cdt
>
>
> "Lognoul, Marc (Private)" wrote:
>
>> Bonjour,
>>
>> A ma connaissance, il n'existe pas de mécanisme de sécurité pour bloquer
>> le
>> broadcast ayant pour cible le service SNMP sous Windows Server 2003.
>> Je ne vois pas non plus de différences notables entre XP SP2 et 2003 SP1
>> ou
>> SP2 à ce niveau.
>> Etes-vous certain que le PC XP se trouve dans les même conditions réseau
>> que
>> les serveurs 2003 (switch, hub, routeur...). Si tel est le cas, vous
>> devriez
>> prendre une trace réseau sur une des machines cibles 2003 afin de bien
>> vérifier que le broadcast lui parvient
>>
>> Le NG anglophone est le suivant:
>> microsoft.public.windows.server.networking
>>
>> --
>> Marc
>> [Heureux celui qui a pu pénétrer les causes secrètes des choses]
>>
>>
>> "agent" <agent@discussions.microsoft.com> wrote in message
>> news:B276AB55-5481-4262-A9D3-3D69FEEC34D1@microsoft.com...
>> > Bonjour,
>> >
>> > j'ai installé un agent SNMP sur un serveur 2003 standard.
>> >
>> > Sous XP, cet agent répond parfaitement au commande snmp get-request
>> > aussi
>> > bien avec une adresse de destination unicast ou multicast.
>> >
>> > Sous Windows Server 2003, l'agent ne répond (renvoie des commandes
>> > get-response) que lorsque qu'il reçoit des commandes get-request avec
>> > comme
>> > adresse de destination l'adresse IP (unicast) de la machine.
>> >
>> > Pourquoi cette différence de comportement de l'agent SNMP entre adresse
>> > unicast et multicast sous Windows Serveur 2003 ?
>> >
>> > Y a t il un réglage de sécutité particulier contre le broadcast/snmp
>> > sous
>> > 2003 ?
>> >
>> > Les masques de broadcast utilisés sont les suivants :
>> >
>> > * 255.255.255.255 ou
>> > * 10.1.1.255
>> >
>> > Bilan je n'arrive pas à "decouvrir" les machines 2003 possédant cet
>> > agent
>> > sur le réseau grâce au multicast. Je suis obligé d'adresser les
>> > machines
>> > une
>> > à une avec leur IP respective.
>> >
>> > ps : - suis je sur le bon group pour cette question ?
>> > - quel est le nom du group US (englais) ?
>> >
>> > Merci,
>> >

Bonjour,

Merci pour la config, je la regarde et reviens vers vous. Vous pouvez
scanner TCP et UDP en utilisant nmap (choisir le bon type de scan, regardez
les exemples sur le site).
L'agent installé en plus, est-ce un outil de gestion de serveur ou de
monitoring "bien connu"?

Marc

"agent" <agent@discussions.microsoft.com> wrote in message
news:64513123-431F-46A5-A685-1D7BD03AF912@microsoft.com...

* "accept SNMP packets from any host"
* firewall off
* SNMP port 161 est UDP donc pas scannable
* netstat -anb renvoie :

UDP 0.0.0.0:161 *:* 2108
[snmp.exe]

* Registry :

************** SNMP

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMP]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,

74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
00,6e,00,6d,00,70,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="SNMP Service"
"DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,
00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Enables Simple Network Management Protocol (SNMP) requests
to
be processed by this computer. If this service is stopped, the computer
will
be unable to process SNMP requests. If this service is disabled, any
services
that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParameters]
"EnableAuthenticationTraps"=dword:00000001
"NameResolutionRetries"=dword:00000010

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersExtensionAgents]
"1"="SOFTWARE\MON_AGENT\CurrentVersion"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersPermittedManagers]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersRFC1156Agent]
"sysContact"="Custom"
"sysLocation"="public"
"sysServices"=dword:0000004c

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfiguration]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfigurationpublic]
"1"="10.1.1.255"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersValidCommunities]
"public"=dword:00000008

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPSecurity]
"Security"=hex:01,00,14,80,b8,00,00,00,c4,00,00,00,14,00,00,00,30,00,00,00,02,

00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,

00,00,02,00,88,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,

05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,

20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,

00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,

00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,

00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,
01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPEnum]
"0"="Root\LEGACY_SNMP\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

************** TCP/IP

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpip]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,

52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,
00,73,00,79,00,73,00,00,00
"DisplayName"="TCP/IP Protocol Driver"
"Group"="PNP_TDI"
"DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"Description"="TCP/IP Protocol Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipLinkage]
"Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,46,00,38,

00,37,00,33,00,35,00,44,00,36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,

34,00,34,00,36,00,35,00,2d,00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,

00,45,00,37,00,34,00,38,00,37,00,43,00,46,00,35,00,39,00,7d,00,00,00,5c,00,

44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,

00,30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,

45,00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,

00,46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,

69,00,63,00,65,00,5c,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,49,00,70,
00,00,00,00,00
"Route"=hex(7):22,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,2d,

00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,00,

31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,46,

00,35,00,39,00,7d,00,22,00,00,00,22,00,7b,00,37,00,45,00,42,00,35,00,44,00,

30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,

00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,

46,00,33,00,32,00,36,00,45,00,33,00,7d,00,22,00,00,00,22,00,4e,00,64,00,69,
00,73,00,57,00,61,00,6e,00,49,00,70,00,22,00,00,00,00,00
"Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,

00,69,00,70,00,5f,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,

2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,

00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,

46,00,35,00,39,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,

00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,37,00,45,00,42,00,35,00,44,00,

30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,

00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,

46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,

00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,34,00,43,00,

37,00,36,00,41,00,44,00,31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,

00,35,00,38,00,30,00,2d,00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,

43,00,33,00,31,00,32,00,36,00,45,00,42,00,44,00,37,00,7d,00,00,00,5c,00,44,

00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,

7b,00,38,00,44,00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,

00,30,00,2d,00,34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,

43,00,46,00,30,00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,
00,00,00,00,00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters]
"NV Hostname"="coder58"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,

00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"NameServer"=""
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="coder58"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"EnableICMPRedirect"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"EnableSecurityFilters"=dword:00000000
"ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,
00,00,00,00
"EnableTCPA"=dword:00000001
"EnableRSS"=dword:00000001
"EnableTCPChimney"=dword:00000001

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdaptersNdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,

6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,

00,61,00,63,00,65,00,73,00,5c,00,7b,00,34,00,43,00,37,00,36,00,41,00,44,00,

31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,00,35,00,38,00,30,00,2d,

00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,43,00,33,00,31,00,32,00,

36,00,45,00,42,00,44,00,37,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,

00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,

6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,38,00,44,

00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,00,30,00,2d,00,

34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,43,00,46,00,30,

00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:1c,ad,76,4c,50,49,80,45,97,60,6b,cc,31,26,eb,d7,6b,f7,a2,8d,
30,d9,a5,40,ab,f6,cf,08,8b,3e,cc,95

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,

6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,

00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,00,30,00,

37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,00,2d,

00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,46,00,
33,00,32,00,36,00,45,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters{F8735D6F-5298-4465-811D-7EDE7487CF59}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,

6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,

00,61,00,63,00,65,00,73,00,5c,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,

36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,

00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,
37,00,43,00,46,00,35,00,39,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDNSRegisteredAdapters]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{4C76AD1C-4950-4580-9760-6BCC3126EBD7}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,32,00,31,00,
00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
00,35,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,35,00,
34,00,00,00,00,00
"DefaultGatewayMetric"=hex(7):31,00,00,00,00,00
"NameServer"="10.1.1.254"
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,
33,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000e10
"LeaseObtainedTime"=dword:48565b26
"T1"=dword:4856622e
"T2"=dword:48566774
"LeaseTerminatesTime"=dword:48566936
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{8DA2F76B-D930-40A5-ABF6-CF088B3ECC95}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{F8735D6F-5298-4465-811D-7EDE7487CF59}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,32,00,2e,00,32,00,32,00,31,00,
00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
00,35,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000e10
"LeaseObtainedTime"=dword:48565b39
"T1"=dword:48566241
"T2"=dword:48566787
"LeaseTerminatesTime"=dword:48566949
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersPersistentRoutes]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersWinsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,

6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,

00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,

00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,

00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,

00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,

00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipPerformance]
"Close"="CloseTcpIpPerformanceData"
"Collect"="CollectTcpIpPerformanceData"
"Library"="Perfctrs.dll"
"Open"="OpenTcpIpPerformanceData"
"Object List"="502 510 546 548 582 638 658 1530 1532 1534"
"WbemAdapFileSignature"=hex:5d,72,24,90,c4,74,a3,ab,db,6b,5e,1e,51,f6,85,45
"WbemAdapFileTime"=hex:00,e0,88,4c,df,57,c6,01
"WbemAdapFileSize"=dword:0000b200
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipSecurity]
"Security"=hex:01,00,14,80,b8,00,00,00,c4,00,00,00,14,00,00,00,30,00,00,00,02,

00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,

00,00,02,00,88,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,

05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,

20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,

00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,

00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,

00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,
01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipServiceProvider]
"Class"=dword:00000008
"DnsPriority"=dword:000007d0
"HostsPriority"=dword:000001f4
"LocalPriority"=dword:000001f3
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,

00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
77,00,73,00,6f,00,63,00,6b,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"NetbtPriority"=dword:000007d1
"Name"="TCP/IP"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipEnum]
"0"="Root\LEGACY_TCPIP\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

* le 2003 en question est une version Embedded, mais n'a pas subit de
hardening concernant la sécurité.

"Lognoul, Marc (Private)" wrote:

Et j'imagine que vous avez déjà (re) vérifié la configuration du service
SNMP (accept from...) et qu'il n'y a pas de firewall en place sur le
serveur.
Si vous scannez avec NMAP par exemple, quel est le statu du port SNMP?
Pouvez-vous poster, si cela n'est pas confidentiel, un export du registre
concernant de la configuration SNMP et la TCP/IP (HKLMCCSServicex)
Le serveur a-t-il subi un "hardening"?

--
Marc
[Heureux celui qui a pu pénétrer les causes secrètes des choses]


"agent" <agent@discussions.microsoft.com> wrote in message
news:6046BF18-97A2-46E8-8BCE-03450ADA7387@microsoft.com...
> Bonjour,
>
> j'utilise wireshark et je vois bien les requêtes SNMP arriver sur le
> serveur 2003 quelque soit l'adresse de destination (unicast ou
> multicast).
>
> Cdt
>
>
> "Lognoul, Marc (Private)" wrote:
>
>> Bonjour,
>>
>> A ma connaissance, il n'existe pas de mécanisme de sécurité pour
>> bloquer
>> le
>> broadcast ayant pour cible le service SNMP sous Windows Server 2003.
>> Je ne vois pas non plus de différences notables entre XP SP2 et 2003
>> SP1
>> ou
>> SP2 à ce niveau.
>> Etes-vous certain que le PC XP se trouve dans les même conditions
>> réseau
>> que
>> les serveurs 2003 (switch, hub, routeur...). Si tel est le cas, vous
>> devriez
>> prendre une trace réseau sur une des machines cibles 2003 afin de bien
>> vérifier que le broadcast lui parvient
>>
>> Le NG anglophone est le suivant:
>> microsoft.public.windows.server.networking
>>
>> --
>> Marc
>> [Heureux celui qui a pu pénétrer les causes secrètes des choses]
>>
>>
>> "agent" <agent@discussions.microsoft.com> wrote in message
>> news:B276AB55-5481-4262-A9D3-3D69FEEC34D1@microsoft.com...
>> > Bonjour,
>> >
>> > j'ai installé un agent SNMP sur un serveur 2003 standard.
>> >
>> > Sous XP, cet agent répond parfaitement au commande snmp get-request
>> > aussi
>> > bien avec une adresse de destination unicast ou multicast.
>> >
>> > Sous Windows Server 2003, l'agent ne répond (renvoie des commandes
>> > get-response) que lorsque qu'il reçoit des commandes get-request
>> > avec
>> > comme
>> > adresse de destination l'adresse IP (unicast) de la machine.
>> >
>> > Pourquoi cette différence de comportement de l'agent SNMP entre
>> > adresse
>> > unicast et multicast sous Windows Serveur 2003 ?
>> >
>> > Y a t il un réglage de sécutité particulier contre le broadcast/snmp
>> > sous
>> > 2003 ?
>> >
>> > Les masques de broadcast utilisés sont les suivants :
>> >
>> > * 255.255.255.255 ou
>> > * 10.1.1.255
>> >
>> > Bilan je n'arrive pas à "decouvrir" les machines 2003 possédant cet
>> > agent
>> > sur le réseau grâce au multicast. Je suis obligé d'adresser les
>> > machines
>> > une
>> > à une avec leur IP respective.
>> >
>> > ps : - suis je sur le bon group pour cette question ?
>> > - quel est le nom du group US (englais) ?
>> >
>> > Merci,
>> >

Bonjour,

l'agent est un outil propriétaire.

nmap voit le port 161 comme "open | filtered"

Cdt

"Lognoul, Marc (Private)" wrote:

Bonjour,

Merci pour la config, je la regarde et reviens vers vous. Vous pouvez
scanner TCP et UDP en utilisant nmap (choisir le bon type de scan, regardez
les exemples sur le site).
L'agent installé en plus, est-ce un outil de gestion de serveur ou de
monitoring "bien connu"?

Marc

"agent" <agent@discussions.microsoft.com> wrote in message
news:64513123-431F-46A5-A685-1D7BD03AF912@microsoft.com...
> * "accept SNMP packets from any host"
> * firewall off
> * SNMP port 161 est UDP donc pas scannable
> * netstat -anb renvoie :
>
> UDP 0.0.0.0:161 *:* 2108
> [snmp.exe]
>
> * Registry :
>
> ************** SNMP
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMP]
> "Type"=dword:00000110
> "Start"=dword:00000002
> "ErrorControl"=dword:00000001
> "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
>
> 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
> 00,6e,00,6d,00,70,00,2e,00,65,00,78,00,65,00,00,00
> "DisplayName"="SNMP Service"
> "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,
> 00,00
> "DependOnGroup"=hex(7):00,00
> "ObjectName"="LocalSystem"
> "Description"="Enables Simple Network Management Protocol (SNMP) requests
> to
> be processed by this computer. If this service is stopped, the computer
> will
> be unable to process SNMP requests. If this service is disabled, any
> services
> that explicitly depend on it will fail to start."
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParameters]
> "EnableAuthenticationTraps"=dword:00000001
> "NameResolutionRetries"=dword:00000010
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersExtensionAgents]
> "1"="SOFTWARE\MON_AGENT\CurrentVersion"
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersPermittedManagers]
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersRFC1156Agent]
> "sysContact"="Custom"
> "sysLocation"="public"
> "sysServices"=dword:0000004c
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfiguration]
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfigurationpublic]
> "1"="10.1.1.255"
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersValidCommunities]
> "public"=dword:00000008
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPSecurity]
> "Security"=hex:01,00,14,80,b8,00,00,00,c4,00,00,00,14,00,00,00,30,00,00,00,02,
>
> 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
>
> 00,00,02,00,88,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,
>
> 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,
>
> 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,
>
> 00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,
>
> 00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,
>
> 00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,
> 01,01,00,00,00,00,00,05,12,00,00,00
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPEnum]
> "0"="Root\LEGACY_SNMP\0000"
> "Count"=dword:00000001
> "NextInstance"=dword:00000001
>
> ************** TCP/IP
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpip]
> "Type"=dword:00000001
> "Start"=dword:00000001
> "ErrorControl"=dword:00000001
> "Tag"=dword:00000004
> "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
>
> 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,
> 00,73,00,79,00,73,00,00,00
> "DisplayName"="TCP/IP Protocol Driver"
> "Group"="PNP_TDI"
> "DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
> "DependOnGroup"=hex(7):00,00
> "Description"="TCP/IP Protocol Driver"
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipLinkage]
> "Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,46,00,38,
>
> 00,37,00,33,00,35,00,44,00,36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,
>
> 34,00,34,00,36,00,35,00,2d,00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,
>
> 00,45,00,37,00,34,00,38,00,37,00,43,00,46,00,35,00,39,00,7d,00,00,00,5c,00,
>
> 44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,
>
> 00,30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,
>
> 45,00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,
>
> 00,46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,
>
> 69,00,63,00,65,00,5c,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,49,00,70,
> 00,00,00,00,00
> "Route"=hex(7):22,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,2d,
>
> 00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,00,
>
> 31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,46,
>
> 00,35,00,39,00,7d,00,22,00,00,00,22,00,7b,00,37,00,45,00,42,00,35,00,44,00,
>
> 30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,
>
> 00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,
>
> 46,00,33,00,32,00,36,00,45,00,33,00,7d,00,22,00,00,00,22,00,4e,00,64,00,69,
> 00,73,00,57,00,61,00,6e,00,49,00,70,00,22,00,00,00,00,00
> "Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,
>
> 00,69,00,70,00,5f,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,
>
> 2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,
>
> 00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,
>
> 46,00,35,00,39,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,
>
> 00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,37,00,45,00,42,00,35,00,44,00,
>
> 30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,
>
> 00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,
>
> 46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,
>
> 00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,34,00,43,00,
>
> 37,00,36,00,41,00,44,00,31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,
>
> 00,35,00,38,00,30,00,2d,00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,
>
> 43,00,33,00,31,00,32,00,36,00,45,00,42,00,44,00,37,00,7d,00,00,00,5c,00,44,
>
> 00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,
>
> 7b,00,38,00,44,00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,
>
> 00,30,00,2d,00,34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,
>
> 43,00,46,00,30,00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,
> 00,00,00,00,00
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters]
> "NV Hostname"="coder58"
> "DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
>
> 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
> 64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
> "NameServer"=""
> "ForwardBroadcasts"=dword:00000000
> "IPEnableRouter"=dword:00000000
> "Domain"=""
> "Hostname"="coder58"
> "SearchList"=""
> "UseDomainNameDevolution"=dword:00000001
> "EnableICMPRedirect"=dword:00000001
> "DeadGWDetectDefault"=dword:00000001
> "DontAddDefaultGatewayDefault"=dword:00000000
> "EnableSecurityFilters"=dword:00000000
> "ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,
> 00,00,00,00
> "EnableTCPA"=dword:00000001
> "EnableRSS"=dword:00000001
> "EnableTCPChimney"=dword:00000001
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters]
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdaptersNdisWanIp]
> "LLInterface"="WANARP"
> "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>
> 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>
> 00,61,00,63,00,65,00,73,00,5c,00,7b,00,34,00,43,00,37,00,36,00,41,00,44,00,
>
> 31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,00,35,00,38,00,30,00,2d,
>
> 00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,43,00,33,00,31,00,32,00,
>
> 36,00,45,00,42,00,44,00,37,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,
>
> 00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,
>
> 6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,38,00,44,
>
> 00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,00,30,00,2d,00,
>
> 34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,43,00,46,00,30,
>
> 00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,00,00,00,00,00
> "NumInterfaces"=dword:00000002
> "IpInterfaces"=hex:1c,ad,76,4c,50,49,80,45,97,60,6b,cc,31,26,eb,d7,6b,f7,a2,8d,
> 30,d9,a5,40,ab,f6,cf,08,8b,3e,cc,95
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
> "LLInterface"=""
> "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>
> 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>
> 00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,00,30,00,
>
> 37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,00,2d,
>
> 00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,46,00,
> 33,00,32,00,36,00,45,00,33,00,7d,00,00,00,00,00
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters{F8735D6F-5298-4465-811D-7EDE7487CF59}]
> "LLInterface"=""
> "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>
> 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>
> 00,61,00,63,00,65,00,73,00,5c,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,
>
> 36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,
>
> 00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,
> 37,00,43,00,46,00,35,00,39,00,7d,00,00,00,00,00
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDNSRegisteredAdapters]
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces]
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{4C76AD1C-4950-4580-9760-6BCC3126EBD7}]
> "UseZeroBroadcast"=dword:00000000
> "EnableDHCP"=dword:00000000
> "IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
> "SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
> "DefaultGateway"=hex(7):00,00
> "EnableDeadGWDetect"=dword:00000001
> "DontAddDefaultGateway"=dword:00000000
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
> "UseZeroBroadcast"=dword:00000000
> "EnableDeadGWDetect"=dword:00000001
> "EnableDHCP"=dword:00000000
> "IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,32,00,31,00,
> 00,00,00,00
> "SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
> 00,35,00,2e,00,30,00,00,00,00,00
> "DefaultGateway"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,35,00,
> 34,00,00,00,00,00
> "DefaultGatewayMetric"=hex(7):31,00,00,00,00,00
> "NameServer"="10.1.1.254"
> "Domain"=""
> "RegistrationEnabled"=dword:00000001
> "RegisterAdapterName"=dword:00000000
> "TCPAllowedPorts"=hex(7):30,00,00,00,00,00
> "UDPAllowedPorts"=hex(7):30,00,00,00,00,00
> "RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
> "NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,
> 33,00,00,00,00,00
> "DhcpClassIdBin"=hex:
> "DhcpServer"="255.255.255.255"
> "Lease"=dword:00000e10
> "LeaseObtainedTime"=dword:48565b26
> "T1"=dword:4856622e
> "T2"=dword:48566774
> "LeaseTerminatesTime"=dword:48566936
> "IPAutoconfigurationAddress"="0.0.0.0"
> "IPAutoconfigurationMask"="255.255.0.0"
> "IPAutoconfigurationSeed"=dword:00000000

Bonjour,

La section
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersPermittedManagers]
est-elle réellement vide ou avez-vous omis de reproduire les information
qu'elle contient pour des raison de confidentialité?

Si celle-ci est vide, il est donc normal que le port soit vu comme
"filtered". Essayez à nouveau en configurant votre système client (adresse
IP) dans la liste des hôtes autorisés. C'est la la seule option standard
qui, AMHA, pourrait bloquer une requête entrante.

--
Marc
[Heureux celui qui a pu pénétrer les causes secrètes des choses]

"agent" <agent@discussions.microsoft.com> wrote in message
news:9FED3BED-5B99-4786-8129-1963D9ED5BB2@microsoft.com...

Bonjour,

l'agent est un outil propriétaire.

nmap voit le port 161 comme "open | filtered"

Cdt

"Lognoul, Marc (Private)" wrote:

Bonjour,

Merci pour la config, je la regarde et reviens vers vous. Vous pouvez
scanner TCP et UDP en utilisant nmap (choisir le bon type de scan,
regardez
les exemples sur le site).
L'agent installé en plus, est-ce un outil de gestion de serveur ou de
monitoring "bien connu"?

Marc

"agent" <agent@discussions.microsoft.com> wrote in message
news:64513123-431F-46A5-A685-1D7BD03AF912@microsoft.com...
> * "accept SNMP packets from any host"
> * firewall off
> * SNMP port 161 est UDP donc pas scannable
> * netstat -anb renvoie :
>
> UDP 0.0.0.0:161 *:*
> 2108
> [snmp.exe]
>
> * Registry :
>
> ************** SNMP
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMP]
> "Type"=dword:00000110
> "Start"=dword:00000002
> "ErrorControl"=dword:00000001
> "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
>
> 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
> 00,6e,00,6d,00,70,00,2e,00,65,00,78,00,65,00,00,00
> "DisplayName"="SNMP Service"
> "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,
> 00,00
> "DependOnGroup"=hex(7):00,00
> "ObjectName"="LocalSystem"
> "Description"="Enables Simple Network Management Protocol (SNMP)
> requests
> to
> be processed by this computer. If this service is stopped, the computer
> will
> be unable to process SNMP requests. If this service is disabled, any
> services
> that explicitly depend on it will fail to start."
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParameters]
> "EnableAuthenticationTraps"=dword:00000001
> "NameResolutionRetries"=dword:00000010
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersExtensionAgents]
> "1"="SOFTWARE\MON_AGENT\CurrentVersion"
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersPermittedManagers]
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersRFC1156Agent]
> "sysContact"="Custom"
> "sysLocation"="public"
> "sysServices"=dword:0000004c
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfiguration]
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfigurationpublic]
> "1"="10.1.1.255"
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersValidCommunities]
> "public"=dword:00000008
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPSecurity]
> "Security"=hex:01,00,14,80,b8,00,00,00,c4,00,00,00,14,00,00,00,30,00,00,00,02,
>
> 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
>
> 00,00,02,00,88,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,
>
> 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,
>
> 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,
>
> 00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,
>
> 00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,
>
> 00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,
> 01,01,00,00,00,00,00,05,12,00,00,00
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPEnum]
> "0"="Root\LEGACY_SNMP\0000"
> "Count"=dword:00000001
> "NextInstance"=dword:00000001
>
> ************** TCP/IP
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpip]
> "Type"=dword:00000001
> "Start"=dword:00000001
> "ErrorControl"=dword:00000001
> "Tag"=dword:00000004
> "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
>
> 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,
> 00,73,00,79,00,73,00,00,00
> "DisplayName"="TCP/IP Protocol Driver"
> "Group"="PNP_TDI"
> "DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
> "DependOnGroup"=hex(7):00,00
> "Description"="TCP/IP Protocol Driver"
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipLinkage]
> "Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,46,00,38,
>
> 00,37,00,33,00,35,00,44,00,36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,
>
> 34,00,34,00,36,00,35,00,2d,00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,
>
> 00,45,00,37,00,34,00,38,00,37,00,43,00,46,00,35,00,39,00,7d,00,00,00,5c,00,
>
> 44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,
>
> 00,30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,
>
> 45,00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,
>
> 00,46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,
>
> 69,00,63,00,65,00,5c,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,49,00,70,
> 00,00,00,00,00
> "Route"=hex(7):22,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,2d,
>
> 00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,00,
>
> 31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,46,
>
> 00,35,00,39,00,7d,00,22,00,00,00,22,00,7b,00,37,00,45,00,42,00,35,00,44,00,
>
> 30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,
>
> 00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,
>
> 46,00,33,00,32,00,36,00,45,00,33,00,7d,00,22,00,00,00,22,00,4e,00,64,00,69,
> 00,73,00,57,00,61,00,6e,00,49,00,70,00,22,00,00,00,00,00
> "Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,
>
> 00,69,00,70,00,5f,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,
>
> 2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,
>
> 00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,
>
> 46,00,35,00,39,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,
>
> 00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,37,00,45,00,42,00,35,00,44,00,
>
> 30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,
>
> 00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,
>
> 46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,
>
> 00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,34,00,43,00,
>
> 37,00,36,00,41,00,44,00,31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,
>
> 00,35,00,38,00,30,00,2d,00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,
>
> 43,00,33,00,31,00,32,00,36,00,45,00,42,00,44,00,37,00,7d,00,00,00,5c,00,44,
>
> 00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,
>
> 7b,00,38,00,44,00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,
>
> 00,30,00,2d,00,34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,
>
> 43,00,46,00,30,00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,
> 00,00,00,00,00
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters]
> "NV Hostname"="coder58"
> "DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
>
> 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
>
> 64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
> "NameServer"=""
> "ForwardBroadcasts"=dword:00000000
> "IPEnableRouter"=dword:00000000
> "Domain"=""
> "Hostname"="coder58"
> "SearchList"=""
> "UseDomainNameDevolution"=dword:00000001
> "EnableICMPRedirect"=dword:00000001
> "DeadGWDetectDefault"=dword:00000001
> "DontAddDefaultGatewayDefault"=dword:00000000
> "EnableSecurityFilters"=dword:00000000
> "ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,
> 00,00,00,00
> "EnableTCPA"=dword:00000001
> "EnableRSS"=dword:00000001
> "EnableTCPChimney"=dword:00000001
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters]
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdaptersNdisWanIp]
> "LLInterface"="WANARP"
> "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>
> 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>
> 00,61,00,63,00,65,00,73,00,5c,00,7b,00,34,00,43,00,37,00,36,00,41,00,44,00,
>
> 31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,00,35,00,38,00,30,00,2d,
>
> 00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,43,00,33,00,31,00,32,00,
>
> 36,00,45,00,42,00,44,00,37,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,
>
> 00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,
>
> 6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,38,00,44,
>
> 00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,00,30,00,2d,00,
>
> 34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,43,00,46,00,30,
>
> 00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,00,00,00,00,00
> "NumInterfaces"=dword:00000002
> "IpInterfaces"=hex:1c,ad,76,4c,50,49,80,45,97,60,6b,cc,31,26,eb,d7,6b,f7,a2,8d,
> 30,d9,a5,40,ab,f6,cf,08,8b,3e,cc,95
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
> "LLInterface"=""
> "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>
> 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>
> 00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,00,30,00,
>
> 37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,00,2d,
>
> 00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,46,00,
> 33,00,32,00,36,00,45,00,33,00,7d,00,00,00,00,00
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters{F8735D6F-5298-4465-811D-7EDE7487CF59}]
> "LLInterface"=""
> "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>
> 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>
> 00,61,00,63,00,65,00,73,00,5c,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,
>
> 36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,
>
> 00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,
> 37,00,43,00,46,00,35,00,39,00,7d,00,00,00,00,00
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDNSRegisteredAdapters]
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces]
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{4C76AD1C-4950-4580-9760-6BCC3126EBD7}]

Salut,

Cela ne change rien le port est toujours marqué "open|filtered".

Si le port était fermé il ne répondrait pas non plus au requêtes unicast.

Je ne pense pas que cela soit le pb d'autant plus que j'ai essayé de mettre
l'extension agent Intel de la carte réseau et celui ci se comporte comme mon
agent à savoir qu'il ne répond que sur une commande get-request dont la
destination est unicast. En multicast l'agent d'Intel ne répond pas également.

Donc, j'en déduit que Windows serveur 2003 se comporte différement par
rapport à un XP au niveau de la gestion des commande SNMP multicast.

Rappel : Service IpSec & firewall déastivés ...

D'autre part, quand j'envoie une commande get-request multicast mon
extension agent n'est pas appelé sur son interface SnmpExtensionQuery() alors
qu'il l'est avec un get request unicast cela montre bien que le système
filtre d'une manière ou d'une autre ... mais comment ?!

D'autres idées car je suis vraiment à sec sur ce point.

Help

"Lognoul, Marc (Private)" wrote:

Bonjour,

La section
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersPermittedManagers]
est-elle réellement vide ou avez-vous omis de reproduire les information
qu'elle contient pour des raison de confidentialité?

Si celle-ci est vide, il est donc normal que le port soit vu comme
"filtered". Essayez à nouveau en configurant votre système client (adresse
IP) dans la liste des hôtes autorisés. C'est la la seule option standard
qui, AMHA, pourrait bloquer une requête entrante.

--
Marc
[Heureux celui qui a pu pénétrer les causes secrètes des choses]

"agent" <agent@discussions.microsoft.com> wrote in message
news:9FED3BED-5B99-4786-8129-1963D9ED5BB2@microsoft.com...
> Bonjour,
>
> l'agent est un outil propriétaire.
>
> nmap voit le port 161 comme "open | filtered"
>
> Cdt
>
> "Lognoul, Marc (Private)" wrote:
>
>> Bonjour,
>>
>> Merci pour la config, je la regarde et reviens vers vous. Vous pouvez
>> scanner TCP et UDP en utilisant nmap (choisir le bon type de scan,
>> regardez
>> les exemples sur le site).
>> L'agent installé en plus, est-ce un outil de gestion de serveur ou de
>> monitoring "bien connu"?
>>
>> Marc
>>
>> "agent" <agent@discussions.microsoft.com> wrote in message
>> news:64513123-431F-46A5-A685-1D7BD03AF912@microsoft.com...
>> > * "accept SNMP packets from any host"
>> > * firewall off
>> > * SNMP port 161 est UDP donc pas scannable
>> > * netstat -anb renvoie :
>> >
>> > UDP 0.0.0.0:161 *:*
>> > 2108
>> > [snmp.exe]
>> >
>> > * Registry :
>> >
>> > ************** SNMP
>> >
>> > Windows Registry Editor Version 5.00
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMP]
>> > "Type"=dword:00000110
>> > "Start"=dword:00000002
>> > "ErrorControl"=dword:00000001
>> > "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
>> >
>> > 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
>> > 00,6e,00,6d,00,70,00,2e,00,65,00,78,00,65,00,00,00
>> > "DisplayName"="SNMP Service"
>> > "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,
>> > 00,00
>> > "DependOnGroup"=hex(7):00,00
>> > "ObjectName"="LocalSystem"
>> > "Description"="Enables Simple Network Management Protocol (SNMP)
>> > requests
>> > to
>> > be processed by this computer. If this service is stopped, the computer
>> > will
>> > be unable to process SNMP requests. If this service is disabled, any
>> > services
>> > that explicitly depend on it will fail to start."
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParameters]
>> > "EnableAuthenticationTraps"=dword:00000001
>> > "NameResolutionRetries"=dword:00000010
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersExtensionAgents]
>> > "1"="SOFTWARE\MON_AGENT\CurrentVersion"
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersPermittedManagers]
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersRFC1156Agent]
>> > "sysContact"="Custom"
>> > "sysLocation"="public"
>> > "sysServices"=dword:0000004c
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfiguration]
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfigurationpublic]
>> > "1"="10.1.1.255"
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersValidCommunities]
>> > "public"=dword:00000008
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPSecurity]
>> > "Security"=hex:01,00,14,80,b8,00,00,00,c4,00,00,00,14,00,00,00,30,00,00,00,02,
>> >
>> > 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
>> >
>> > 00,00,02,00,88,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,
>> >
>> > 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,
>> >
>> > 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,
>> >
>> > 00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,
>> >
>> > 00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,
>> >
>> > 00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,
>> > 01,01,00,00,00,00,00,05,12,00,00,00
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPEnum]
>> > "0"="Root\LEGACY_SNMP\0000"
>> > "Count"=dword:00000001
>> > "NextInstance"=dword:00000001
>> >
>> > ************** TCP/IP
>> >
>> > Windows Registry Editor Version 5.00
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpip]
>> > "Type"=dword:00000001
>> > "Start"=dword:00000001
>> > "ErrorControl"=dword:00000001
>> > "Tag"=dword:00000004
>> > "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
>> >
>> > 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,
>> > 00,73,00,79,00,73,00,00,00
>> > "DisplayName"="TCP/IP Protocol Driver"
>> > "Group"="PNP_TDI"
>> > "DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
>> > "DependOnGroup"=hex(7):00,00
>> > "Description"="TCP/IP Protocol Driver"
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipLinkage]
>> > "Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,46,00,38,
>> >
>> > 00,37,00,33,00,35,00,44,00,36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,
>> >
>> > 34,00,34,00,36,00,35,00,2d,00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,
>> >
>> > 00,45,00,37,00,34,00,38,00,37,00,43,00,46,00,35,00,39,00,7d,00,00,00,5c,00,
>> >
>> > 44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,
>> >
>> > 00,30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,
>> >
>> > 45,00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,
>> >
>> > 00,46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,
>> >
>> > 69,00,63,00,65,00,5c,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,49,00,70,
>> > 00,00,00,00,00
>> > "Route"=hex(7):22,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,2d,
>> >
>> > 00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,00,
>> >
>> > 31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,46,
>> >
>> > 00,35,00,39,00,7d,00,22,00,00,00,22,00,7b,00,37,00,45,00,42,00,35,00,44,00,
>> >
>> > 30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,
>> >
>> > 00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,
>> >
>> > 46,00,33,00,32,00,36,00,45,00,33,00,7d,00,22,00,00,00,22,00,4e,00,64,00,69,
>> > 00,73,00,57,00,61,00,6e,00,49,00,70,00,22,00,00,00,00,00
>> > "Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,
>> >
>> > 00,69,00,70,00,5f,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,
>> >
>> > 2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,
>> >
>> > 00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,
>> >
>> > 46,00,35,00,39,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,
>> >
>> > 00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,37,00,45,00,42,00,35,00,44,00,
>> >
>> > 30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,
>> >
>> > 00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,
>> >
>> > 46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,
>> >
>> > 00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,34,00,43,00,
>> >
>> > 37,00,36,00,41,00,44,00,31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,
>> >
>> > 00,35,00,38,00,30,00,2d,00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,
>> >
>> > 43,00,33,00,31,00,32,00,36,00,45,00,42,00,44,00,37,00,7d,00,00,00,5c,00,44,
>> >
>> > 00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,
>> >
>> > 7b,00,38,00,44,00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,
>> >
>> > 00,30,00,2d,00,34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,
>> >
>> > 43,00,46,00,30,00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,
>> > 00,00,00,00,00
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters]
>> > "NV Hostname"="coder58"
>> > "DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
>> >
>> > 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
>> >
>> > 64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
>> > "NameServer"=""
>> > "ForwardBroadcasts"=dword:00000000
>> > "IPEnableRouter"=dword:00000000
>> > "Domain"=""
>> > "Hostname"="coder58"
>> > "SearchList"=""
>> > "UseDomainNameDevolution"=dword:00000001
>> > "EnableICMPRedirect"=dword:00000001
>> > "DeadGWDetectDefault"=dword:00000001
>> > "DontAddDefaultGatewayDefault"=dword:00000000
>> > "EnableSecurityFilters"=dword:00000000
>> > "ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,
>> > 00,00,00,00
>> > "EnableTCPA"=dword:00000001
>> > "EnableRSS"=dword:00000001
>> > "EnableTCPChimney"=dword:00000001
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters]
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdaptersNdisWanIp]
>> > "LLInterface"="WANARP"
>> > "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>> >
>> > 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>> >
>> > 00,61,00,63,00,65,00,73,00,5c,00,7b,00,34,00,43,00,37,00,36,00,41,00,44,00,
>> >
>> > 31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,00,35,00,38,00,30,00,2d,
>> >
>> > 00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,43,00,33,00,31,00,32,00,
>> >
>> > 36,00,45,00,42,00,44,00,37,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,
>> >
>> > 00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,
>> >
>> > 6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,38,00,44,
>> >
>> > 00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,00,30,00,2d,00,
>> >
>> > 34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,43,00,46,00,30,
>> >
>> > 00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,00,00,00,00,00
>> > "NumInterfaces"=dword:00000002
>> > "IpInterfaces"=hex:1c,ad,76,4c,50,49,80,45,97,60,6b,cc,31,26,eb,d7,6b,f7,a2,8d,
>> > 30,d9,a5,40,ab,f6,cf,08,8b,3e,cc,95
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
>> > "LLInterface"=""
>> > "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>> >
>> > 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>> >
>> > 00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,00,30,00,
>> >
>> > 37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,00,2d,
>> >
>> > 00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,46,00,
>> > 33,00,32,00,36,00,45,00,33,00,7d,00,00,00,00,00
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters{F8735D6F-5298-4465-811D-7EDE7487CF59}]
>> > "LLInterface"=""
>> > "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>> >
>> > 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>> >
>> > 00,61,00,63,00,65,00,73,00,5c,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,
>> >
>> > 36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,
>> >
>> > 00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,
>> > 37,00,43,00,46,00,35,00,39,00,7d,00,00,00,00,00
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDNSRegisteredAdapters]
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces]
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{4C76AD1C-4950-4580-9760-6BCC3126EBD7}]