Hello,
I have installed an SNMP agent on a 2003 Standard server.
Under XP, this agent responds perfectly to SNMP get-request commands, with
either a unicast or a multicast destination address.
Under Windows Server 2003, the agent only responds (sends back
get-response commands) when it receives get-request commands whose
destination address is the (unicast) IP address of the machine.
Why does the SNMP agent behave differently for unicast and multicast
addresses under Windows Server 2003?
Is there a particular security setting against broadcast/SNMP under 2003?
The broadcast masks used are the following:
* 255.255.255.255 or
* 10.1.1.255
As a result, I cannot "discover" the 2003 machines that have this agent
on the network using multicast. I have to address the machines one by
one using their respective IPs.
P.S.: - Am I in the right group for this question?
- What is the name of the US (English) group?
Thanks,
Hello,
As far as I know, there is no security mechanism to block broadcasts
targeting the SNMP service under Windows Server 2003.
I also don't see any notable differences between XP SP2 and 2003 SP1 or
SP2 in this respect.
Are you certain that the XP PC is in the same network conditions as the
2003 servers (switch, hub, router...)? If so, you should take a network
trace on one of the target 2003 machines to verify that the broadcast
actually reaches it.
The English-language newsgroup is: microsoft.public.windows.server.networking
--
Marc
[Happy is he who has been able to penetrate the secret causes of things]
"agent" <agent@discussions.microsoft.com> wrote in message
news:B276AB55-5481-4262-A9D3-3D69FEEC34D1@microsoft.com...
> Hello,
>
> I have installed an SNMP agent on a 2003 Standard server.
>
> Under XP, this agent responds perfectly to SNMP get-request commands, with
> either a unicast or a multicast destination address.
>
> Under Windows Server 2003, the agent only responds (sends back
> get-response commands) when it receives get-request commands whose
> destination address is the (unicast) IP address of the machine.
>
> Why does the SNMP agent behave differently for unicast and multicast
> addresses under Windows Server 2003?
>
> Is there a particular security setting against broadcast/SNMP under 2003?
>
> The broadcast masks used are the following:
>
> * 255.255.255.255 or
> * 10.1.1.255
>
> As a result, I cannot "discover" the 2003 machines that have this agent
> on the network using multicast. I have to address the machines one by
> one using their respective IPs.
>
> P.S.: - Am I in the right group for this question?
> - What is the name of the US (English) group?
>
> Thanks,
>
Hello,
I am using Wireshark and I can see the SNMP requests arriving at the
2003 server whatever the destination address (unicast or multicast).
Regards
"Lognoul, Marc (Private)" wrote:
> Hello,
> As far as I know, there is no security mechanism to block broadcasts
> targeting the SNMP service under Windows Server 2003.
> I also don't see any notable differences between XP SP2 and 2003 SP1 or
> SP2 in this respect.
> Are you certain that the XP PC is in the same network conditions as the
> 2003 servers (switch, hub, router...)? If so, you should take a network
> trace on one of the target 2003 machines to verify that the broadcast
> actually reaches it.
> The English-language newsgroup is:
> microsoft.public.windows.server.networking
> --
> Marc
> [Happy is he who has been able to penetrate the secret causes of things]
> "agent" <agent@discussions.microsoft.com> wrote in message
> news:B276AB55-5481-4262-A9D3-3D69FEEC34D1@microsoft.com...
> > Hello,
> >
> > I have installed an SNMP agent on a 2003 Standard server.
> >
> > Under XP, this agent responds perfectly to SNMP get-request commands,
> > with either a unicast or a multicast destination address.
> >
> > Under Windows Server 2003, the agent only responds (sends back
> > get-response commands) when it receives get-request commands whose
> > destination address is the (unicast) IP address of the machine.
> >
> > Why does the SNMP agent behave differently for unicast and multicast
> > addresses under Windows Server 2003?
> >
> > Is there a particular security setting against broadcast/SNMP under
> > 2003?
> >
> > The broadcast masks used are the following:
> >
> > * 255.255.255.255 or
> > * 10.1.1.255
> >
> > As a result, I cannot "discover" the 2003 machines that have this
> > agent on the network using multicast. I have to address the machines
> > one by one using their respective IPs.
> >
> > P.S.: - Am I in the right group for this question?
> > - What is the name of the US (English) group?
> >
> > Thanks,
> >
And I imagine you have already (re)checked the configuration of the SNMP
service (accept from...) and that there is no firewall in place on the
server.
If you scan with NMAP, for example, what is the status of the SNMP port?
Could you post, if it is not confidential, a registry export of the
SNMP and TCP/IP configuration (HKLM\CCS\Service\x)?
Has the server undergone any "hardening"?
--
Marc
[Happy is he who has been able to penetrate the secret causes of things]
"agent" <agent@discussions.microsoft.com> wrote in message
news:6046BF18-97A2-46E8-8BCE-03450ADA7387@microsoft.com...
> Hello,
>
> I am using Wireshark and I can see the SNMP requests arriving at the
> 2003 server whatever the destination address (unicast or multicast).
>
> Regards
>
>
> "Lognoul, Marc (Private)" wrote:
>
>> Hello,
>>
>> As far as I know, there is no security mechanism to block broadcasts
>> targeting the SNMP service under Windows Server 2003.
>> I also don't see any notable differences between XP SP2 and 2003 SP1 or
>> SP2 in this respect.
>> Are you certain that the XP PC is in the same network conditions as the
>> 2003 servers (switch, hub, router...)? If so, you should take a network
>> trace on one of the target 2003 machines to verify that the broadcast
>> actually reaches it.
>>
>> The English-language newsgroup is:
>> microsoft.public.windows.server.networking
>>
>> --
>> Marc
>> [Happy is he who has been able to penetrate the secret causes of things]
>>
>>
>> "agent" <agent@discussions.microsoft.com> wrote in message
>> news:B276AB55-5481-4262-A9D3-3D69FEEC34D1@microsoft.com...
>> > Hello,
>> >
>> > I have installed an SNMP agent on a 2003 Standard server.
>> >
>> > Under XP, this agent responds perfectly to SNMP get-request commands,
>> > with either a unicast or a multicast destination address.
>> >
>> > Under Windows Server 2003, the agent only responds (sends back
>> > get-response commands) when it receives get-request commands whose
>> > destination address is the (unicast) IP address of the machine.
>> >
>> > Why does the SNMP agent behave differently for unicast and multicast
>> > addresses under Windows Server 2003?
>> >
>> > Is there a particular security setting against broadcast/SNMP under
>> > 2003?
>> >
>> > The broadcast masks used are the following:
>> >
>> > * 255.255.255.255 or
>> > * 10.1.1.255
>> >
>> > As a result, I cannot "discover" the 2003 machines that have this
>> > agent on the network using multicast. I have to address the machines
>> > one by one using their respective IPs.
>> >
>> > P.S.: - Am I in the right group for this question?
>> > - What is the name of the US (English) group?
>> >
>> > Thanks,
>> >
* "accept SNMP packets from any host"
* firewall off
* SNMP port 161 is UDP, so not scannable
* netstat -anb returns:
UDP 0.0.0.0:161 *:* 2108
[snmp.exe]
* Registry :
************** SNMP
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
00,6e,00,6d,00,70,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="SNMP Service"
"DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,
00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Enables Simple Network Management Protocol (SNMP) requests to be processed by this computer. If this service is stopped, the computer will be unable to process SNMP requests. If this service is disabled, any services that explicitly depend on it will fail to start."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters]
"EnableAuthenticationTraps"=dword:00000001
"NameResolutionRetries"=dword:00000010
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents]
"1"="SOFTWARE\\MON_AGENT\\CurrentVersion"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent]
"sysContact"="Custom"
"sysLocation"="public"
"sysServices"=dword:0000004c
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\public]
"1"="10.1.1.255"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"public"=dword:00000008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Enum]
"0"="Root\\LEGACY_SNMP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
************** TCP/IP
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,
00,73,00,79,00,73,00,00,00
"DisplayName"="TCP/IP Protocol Driver"
"Group"="PNP_TDI"
"DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"Description"="TCP/IP Protocol Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NV Hostname"="coder58"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"NameServer"=""
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="coder58"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"EnableICMPRedirect"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"EnableSecurityFilters"=dword:00000000
"ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,
00,00,00,00
"EnableTCPA"=dword:00000001
"EnableRSS"=dword:00000001
"EnableTCPChimney"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C76AD1C-4950-4580-9760-6BCC3126EBD7}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,32,00,31,00,
00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
00,35,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,35,00,
34,00,00,00,00,00
"DefaultGatewayMetric"=hex(7):31,00,00,00,00,00
"NameServer"="10.1.1.254"
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,
33,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000e10
"LeaseObtainedTime"=dword:48565b26
"T1"=dword:4856622e
"T2"=dword:48566774
"LeaseTerminatesTime"=dword:48566936
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8DA2F76B-D930-40A5-ABF6-CF088B3ECC95}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8735D6F-5298-4465-811D-7EDE7487CF59}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,32,00,2e,00,32,00,32,00,31,00,
00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
00,35,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000e10
"LeaseObtainedTime"=dword:48565b39
"T1"=dword:48566241
"T2"=dword:48566787
"LeaseTerminatesTime"=dword:48566949
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance]
"Close"="CloseTcpIpPerformanceData"
"Collect"="CollectTcpIpPerformanceData"
"Library"="Perfctrs.dll"
"Open"="OpenTcpIpPerformanceData"
"Object List"="502 510 546 548 582 638 658 1530 1532 1534"
"WbemAdapFileSignature"=hex:5d,72,24,90,c4,74,a3,ab,db,6b,5e,1e,51,f6,85,45
"WbemAdapFileTime"=hex:00,e0,88,4c,df,57,c6,01
"WbemAdapFileSize"=dword:0000b200
"WbemAdapStatus"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider]
"Class"=dword:00000008
"DnsPriority"=dword:000007d0
"HostsPriority"=dword:000001f4
"LocalPriority"=dword:000001f3
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
77,00,73,00,6f,00,63,00,6b,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"NetbtPriority"=dword:000007d1
"Name"="TCP/IP"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum]
"0"="Root\LEGACY_TCPIP\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
* The 2003 machine in question is an Embedded edition, but it has not
undergone any security hardening.
"Lognoul, Marc (Private)" wrote:
And I assume you have already (re)checked the configuration of the SNMP
service (accept from...) and that there is no firewall in place on the
server.
If you scan with NMAP, for example, what is the status of the SNMP port?
Could you post, if it is not confidential, a registry export of the SNMP
and TCP/IP configuration (HKLM\CCS\Service\x)?
Has the server undergone any "hardening"?
--
Marc
[Happy is he who has been able to penetrate the secret causes of things]
"agent" wrote in message
news:
> Hello,
>
> I am using Wireshark and I can clearly see the SNMP requests arriving at
> the 2003 server, whatever the destination address (unicast or
> multicast).
>
> Regards
>
>
> "Lognoul, Marc (Private)" wrote:
>
>> Hello,
>>
>> As far as I know, there is no security mechanism for blocking
>> broadcasts aimed at the SNMP service under Windows Server 2003.
>> I do not see any notable differences between XP SP2 and 2003 SP1 or
>> SP2 in this respect either.
>> Are you certain that the XP PC is in the same network conditions as
>> the 2003 servers (switch, hub, router...)? If so, you should take a
>> network trace on one of the 2003 target machines to verify that the
>> broadcast actually reaches it.
>>
>> The English-language NG is the following:
>> microsoft.public.windows.server.networking
>>
>> --
>> Marc
>> [Happy is he who has been able to penetrate the secret causes of things]
>>
>>
>> "agent" wrote in message
>> news:
>> > Hello,
>> >
>> > I have installed an SNMP agent on a 2003 Standard server.
>> >
>> > Under XP, this agent responds perfectly to SNMP get-request commands
>> > with either a unicast or a multicast destination address.
>> >
>> > Under Windows Server 2003, the agent only responds (sends back
>> > get-response commands) when it receives get-request commands whose
>> > destination address is the (unicast) IP address of the machine.
>> >
>> > Why this difference in the SNMP agent's behaviour between unicast
>> > and multicast addresses under Windows Server 2003?
>> >
>> > Is there a particular security setting against broadcast/SNMP under
>> > 2003?
>> >
>> > The broadcast masks used are the following:
>> >
>> > * 255.255.255.255 or
>> > * 10.1.1.255
>> >
>> > The upshot is that I cannot "discover" the 2003 machines that have
>> > this agent on the network using multicast. I have to address the
>> > machines one by one using their respective IPs.
>> >
>> > PS: - am I in the right group for this question?
>> > - what is the name of the US (English) group?
>> >
>> > Thanks,
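The `IPAddress` and `SubnetMask` values in the export above are `hex(7)` (REG_MULTI_SZ) data, i.e. UTF-16LE strings written out as bytes. The following Python script is an added example, not code from the thread: it decodes the two configured interfaces copied from that export and classifies the destination addresses named in the question. The key names are shortened to the interface GUID, and all function names are this example's own.

```python
import ipaddress
import re

# Values copied from the export in the post (key paths shortened to the GUID).
EXPORT = r'''
[Interfaces\{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
"IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,32,00,31,00,
00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
00,35,00,2e,00,30,00,00,00,00,00
[Interfaces\{F8735D6F-5298-4465-811D-7EDE7487CF59}]
"IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,32,00,2e,00,32,00,32,00,31,00,
00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
00,35,00,2e,00,30,00,00,00,00,00
'''

HEX7 = re.compile(r'^"([^"]+)"=hex\(7\):([0-9a-fA-F,]*)$')


def logical_lines(export):
    """Join wrapped value lines: a line ending in ',' (or ',\\') continues."""
    buf = ""
    for line in export.splitlines():
        line = line.strip().rstrip("\\")
        if not line:
            continue
        buf += line
        if buf.endswith(","):
            continue
        yield buf
        buf = ""
    if buf:
        yield buf


def decode_multi_sz(hex_text):
    """Turn 'xx,xx,...' bytes of a REG_MULTI_SZ value into a list of strings."""
    raw = bytes(int(b, 16) for b in hex_text.split(",") if b.strip())
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def parse_multi_sz(export):
    """Return {key: {value name: [strings]}} for every hex(7) value."""
    keys, current = {}, None
    for line in logical_lines(export):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = HEX7.match(line)
            if m:
                current[m.group(1)] = decode_multi_sz(m.group(2))
    return keys


def interface_networks(keys):
    """Pair each IPAddress with its SubnetMask, skipping unconfigured 0.0.0.0."""
    nets = []
    for values in keys.values():
        pairs = zip(values.get("IPAddress", []), values.get("SubnetMask", []))
        for addr, mask in pairs:
            if addr != "0.0.0.0":
                nets.append(ipaddress.ip_interface(f"{addr}/{mask}"))
    return nets


def classify_destination(dest, nets):
    """Say how this host would see a packet sent to `dest`."""
    d = ipaddress.ip_address(dest)
    if d == ipaddress.ip_address("255.255.255.255"):
        return "limited broadcast"
    for n in nets:
        if d == n.ip:
            return f"unicast to {n.ip}"
        if d == n.network.broadcast_address:
            return f"directed broadcast of {n.network}"
    if d.is_multicast:
        return "multicast"
    return "not an address of this host"


if __name__ == "__main__":
    nets = interface_networks(parse_multi_sz(EXPORT))
    for n in nets:
        print("interface", n, "broadcast", n.network.broadcast_address)
    for dest in ("10.1.1.221", "10.1.1.255", "255.255.255.255"):
        print(dest, "->", classify_destination(dest, nets))
```

For this export the script reports the interfaces 10.1.1.221/24 and 10.1.2.221/24, so 10.1.1.255 is the directed broadcast of the first subnet only.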
* "accept SNMP packets from any host"
* firewall off
* SNMP port 161 est UDP donc pas scannable
* netstat -anb renvoie :
UDP 0.0.0.0:161 *:* 2108
[snmp.exe]
* Registry :
************** SNMP
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMP]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
00,6e,00,6d,00,70,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="SNMP Service"
"DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,
00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Enables Simple Network Management Protocol (SNMP) requests
to
be processed by this computer. If this service is stopped, the computer
will
be unable to process SNMP requests. If this service is disabled, any
services
that explicitly depend on it will fail to start."
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParameters]
"EnableAuthenticationTraps"=dword:00000001
"NameResolutionRetries"=dword:00000010
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersExtensionAgents]
"1"="SOFTWAREMON_AGENTCurrentVersion"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersPermittedManagers]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersRFC1156Agent]
"sysContact"="Custom"
"sysLocation"="public"
"sysServices"=dword:0000004c
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfiguration]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfigurationpublic]
"1"="10.1.1.255"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersValidCommunities]
"public"=dword:00000008
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPSecurity]
"Security"=hex:01,00,14,80,b8,00,00,00,c4,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
00,00,02,00,88,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,
00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,
00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,
01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPEnum]
"0"="RootLEGACY_SNMP 000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
************** TCP/IP
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpip]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,
00,73,00,79,00,73,00,00,00
"DisplayName"="TCP/IP Protocol Driver"
"Group"="PNP_TDI"
"DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"Description"="TCP/IP Protocol Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipLinkage]
"Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,46,00,38,
00,37,00,33,00,35,00,44,00,36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,
34,00,34,00,36,00,35,00,2d,00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,
00,45,00,37,00,34,00,38,00,37,00,43,00,46,00,35,00,39,00,7d,00,00,00,5c,00,
44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,
00,30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,
45,00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,
00,46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,
69,00,63,00,65,00,5c,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,49,00,70,
00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NV Hostname"="coder58"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"NameServer"=""
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="coder58"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"EnableICMPRedirect"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"EnableSecurityFilters"=dword:00000000
"ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,
00,00,00,00
"EnableTCPA"=dword:00000001
"EnableRSS"=dword:00000001
"EnableTCPChimney"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:1c,ad,76,4c,50,49,80,45,97,60,6b,cc,31,26,eb,d7,6b,f7,a2,8d,
30,d9,a5,40,ab,f6,cf,08,8b,3e,cc,95
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
"LLInterface"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F8735D6F-5298-4465-811D-7EDE7487CF59}]
"LLInterface"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C76AD1C-4950-4580-9760-6BCC3126EBD7}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,32,00,31,00,
00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
00,35,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,35,00,
34,00,00,00,00,00
"DefaultGatewayMetric"=hex(7):31,00,00,00,00,00
"NameServer"="10.1.1.254"
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,
33,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000e10
"LeaseObtainedTime"=dword:48565b26
"T1"=dword:4856622e
"T2"=dword:48566774
"LeaseTerminatesTime"=dword:48566936
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8DA2F76B-D930-40A5-ABF6-CF088B3ECC95}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8735D6F-5298-4465-811D-7EDE7487CF59}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,32,00,2e,00,32,00,32,00,31,00,
00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
00,35,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000e10
"LeaseObtainedTime"=dword:48565b39
"T1"=dword:48566241
"T2"=dword:48566787
"LeaseTerminatesTime"=dword:48566949
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance]
"Close"="CloseTcpIpPerformanceData"
"Collect"="CollectTcpIpPerformanceData"
"Library"="Perfctrs.dll"
"Open"="OpenTcpIpPerformanceData"
"Object List"="502 510 546 548 582 638 658 1530 1532 1534"
"WbemAdapFileSignature"=hex:5d,72,24,90,c4,74,a3,ab,db,6b,5e,1e,51,f6,85,45
"WbemAdapFileTime"=hex:00,e0,88,4c,df,57,c6,01
"WbemAdapFileSize"=dword:0000b200
"WbemAdapStatus"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider]
"Class"=dword:00000008
"DnsPriority"=dword:000007d0
"HostsPriority"=dword:000001f4
"LocalPriority"=dword:000001f3
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
77,00,73,00,6f,00,63,00,6b,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"NetbtPriority"=dword:000007d1
"Name"="TCP/IP"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum]
"0"="Root\LEGACY_TCPIP\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
* The 2003 in question is an Embedded version, but it has not undergone any
security hardening.
"Lognoul, Marc (Private)" wrote:
And I imagine you have already (re)checked the configuration of the SNMP
service (accept from...) and that there is no firewall in place on the
server.
If you scan with NMAP, for example, what is the status of the SNMP port?
Could you post, if it is not confidential, a registry export of the SNMP
and TCP/IP configuration (HKLM\CCS\Service\x)?
Has the server been "hardened"?
--
Marc
[Happy is he who has been able to penetrate the secret causes of things]
"agent" wrote in message
news:
> Hello,
>
> I am using Wireshark and I can clearly see the SNMP requests arriving at
> the 2003 server, whatever the destination address (unicast or multicast).
>
> Regards
>
>
> "Lognoul, Marc (Private)" wrote:
>
>> Hello,
>>
>> To my knowledge, there is no security mechanism for blocking broadcasts
>> that target the SNMP service under Windows Server 2003.
>> Nor do I see any notable differences between XP SP2 and 2003 SP1 or SP2
>> in this respect.
>> Are you certain that the XP PC is in the same network conditions as the
>> 2003 servers (switch, hub, router...)? If so, you should take a network
>> trace on one of the 2003 target machines to verify that the broadcast
>> actually reaches it.
>>
>> The English-language NG is the following:
>> microsoft.public.windows.server.networking
>>
>> --
>> Marc
>> [Happy is he who has been able to penetrate the secret causes of things]
>>
>>
>> "agent" wrote in message
>> news:
>> > Hello,
>> >
>> > I have installed an SNMP agent on a 2003 Standard server.
>> >
>> > Under XP, this agent responds perfectly to SNMP get-request commands,
>> > with either a unicast or a multicast destination address.
>> >
>> > Under Windows Server 2003, the agent only responds (sends back
>> > get-response commands) when it receives get-request commands whose
>> > destination address is the machine's (unicast) IP address.
>> >
>> > Why this difference in the SNMP agent's behaviour between unicast and
>> > multicast addresses under Windows Server 2003?
>> >
>> > Is there a particular security setting against broadcast/SNMP under
>> > 2003?
>> >
>> > The broadcast masks used are the following:
>> >
>> > * 255.255.255.255 or
>> > * 10.1.1.255
>> >
>> > As a result, I cannot "discover" the 2003 machines that have this agent
>> > on the network using multicast. I have to address the machines one by
>> > one using their respective IP addresses.
>> >
>> > PS: - am I in the right group for this question?
>> > - what is the name of the US (English) group?
>> >
>> > Thanks,
>> >
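The registry export in the post above stores addresses as hex(7) (REG_MULTI_SZ, UTF-16LE) data, which makes the SNMP exposure it describes hard to read off the dump. The following Python sketch is an added example, not part of the thread: it decodes such values and reports the community rights, the manager restriction and broadcast trap destinations. The sample input is constructed from values posted in the thread, with key-path backslashes restored as an assumption; `parse_reg` and `audit_snmp` are names chosen here.

```python
import ipaddress
import re

# Constructed sample in .reg export syntax. Values are the ones posted in the
# thread; the backslashes in the key paths are restored (assumption).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\public]
"1"="10.1.1.255"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"public"=dword:00000008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
"IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,32,00,31,00,
00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
00,35,00,2e,00,30,00,00,00,00,00
'''

# Rights values the Windows SNMP service stores under ValidCommunities.
SNMP_RIGHTS = {1: "NONE", 2: "NOTIFY", 4: "READ ONLY", 8: "READ WRITE", 16: "READ CREATE"}
HEX_RE = re.compile(r"^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$")
NAME_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def decode_value(raw):
    """Decode one .reg value literal: quoted string, dword, or hex(N) data."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = HEX_RE.match(raw)
    if not m:
        return raw
    kind = int(m.group(1), 16) if m.group(1) else 3   # bare "hex:" is REG_BINARY
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if kind in (1, 2):                                 # REG_SZ / REG_EXPAND_SZ
        return data.decode("utf-16-le", "replace").rstrip("\x00")
    if kind == 7:                                      # REG_MULTI_SZ
        return [s for s in data.decode("utf-16-le", "replace").split("\x00") if s]
    return data


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    keys, current, pending = {}, None, None
    for line in text.splitlines():
        line = line.strip().rstrip("\\")    # real exports end wrapped lines with "\"
        if pending is not None:             # continuation of a wrapped hex value
            pending[1] += line
            if not pending[1].endswith(","):
                current[pending[0]] = decode_value(pending[1])
                pending = None
        elif line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and NAME_RE.match(line):
            name, raw = NAME_RE.match(line).groups()
            if raw.startswith("hex") and raw.endswith(","):
                pending = [name, raw]
            else:
                current[name] = decode_value(raw)
    return keys


def as_list(value):
    return value if isinstance(value, list) else [value]


def audit_snmp(keys):
    """Return (finding_id, detail) pairs for the SNMP exposure settings."""
    def under(fragment):
        return [(p, v) for p, v in keys.items() if fragment.lower() in p.lower()]
    findings = []
    for _, values in under(r"\SNMP\Parameters\ValidCommunities"):
        for name, rights in values.items():
            label = SNMP_RIGHTS.get(rights, "unknown") if isinstance(rights, int) else "unknown"
            if name.lower() in ("public", "private"):
                findings.append(("default-community", f"{name} ({label})"))
            if isinstance(rights, int) and rights >= 8:   # READ WRITE or READ CREATE
                findings.append(("writable-community", f"{name} ({label})"))
    for _, values in under(r"\SNMP\Parameters\PermittedManagers"):
        if not values:                      # empty key: requests from any host are accepted
            findings.append(("any-manager", "PermittedManagers has no entries"))
    broadcasts = {ipaddress.ip_address("255.255.255.255")}   # plus each subnet broadcast
    for _, values in under("\\Tcpip\\Parameters\\Interfaces\\"):
        pairs = zip(as_list(values.get("IPAddress", [])), as_list(values.get("SubnetMask", [])))
        for ip, mask in pairs:
            if ip not in ("", "0.0.0.0"):
                broadcasts.add(ipaddress.ip_interface(f"{ip}/{mask}").network.broadcast_address)
    for path, values in under("\\SNMP\\Parameters\\TrapConfiguration\\"):
        for dest in values.values():
            try:
                hit = ipaddress.ip_address(dest) in broadcasts
            except ValueError:              # destination is a host name
                continue
            if hit:
                findings.append(("trap-broadcast", path.rsplit("\\", 1)[1] + " -> " + dest))
    return findings
```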
Hello,
Thanks for the config; I will look at it and get back to you. You can
scan TCP and UDP using nmap (choose the right scan type; look at the
examples on the site).
Is the additionally installed agent a "well-known" server management or
monitoring tool?
Marc
"agent" <agent@discussions.microsoft.com> wrote in message
news:64513123-431F-46A5-A685-1D7BD03AF912@microsoft.com...
> * "accept SNMP packets from any host"
> * firewall off
> * SNMP port 161 is UDP, so not scannable
> * netstat -anb returns:
>
> UDP 0.0.0.0:161 *:* 2108
> [snmp.exe]
>
> * Registry:
>
> ************** SNMP
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP]
> "Type"=dword:00000110
> "Start"=dword:00000002
> "ErrorControl"=dword:00000001
> "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
> 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
> 00,6e,00,6d,00,70,00,2e,00,65,00,78,00,65,00,00,00
> "DisplayName"="SNMP Service"
> "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,
> 00,00
> "DependOnGroup"=hex(7):00,00
> "ObjectName"="LocalSystem"
> "Description"="Enables Simple Network Management Protocol (SNMP) requests to be processed by this computer. If this service is stopped, the computer will be unable to process SNMP requests. If this service is disabled, any services that explicitly depend on it will fail to start."
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters]
> "EnableAuthenticationTraps"=dword:00000001
> "NameResolutionRetries"=dword:00000010
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents]
> "1"="SOFTWARE\MON_AGENT\CurrentVersion"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent]
> "sysContact"="Custom"
> "sysLocation"="public"
> "sysServices"=dword:0000004c
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\public]
> "1"="10.1.1.255"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
> "public"=dword:00000008
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Security]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Enum]
> "0"="Root\LEGACY_SNMP\0000"
> "Count"=dword:00000001
> "NextInstance"=dword:00000001
>
> ************** TCP/IP
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
> "Type"=dword:00000001
> "Start"=dword:00000001
> "ErrorControl"=dword:00000001
> "Tag"=dword:00000004
> "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
> 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,
> 00,73,00,79,00,73,00,00,00
> "DisplayName"="TCP/IP Protocol Driver"
> "Group"="PNP_TDI"
> "DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
> "DependOnGroup"=hex(7):00,00
> "Description"="TCP/IP Protocol Driver"
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipLinkage]
> "Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,46,00,38,
>
> 00,37,00,33,00,35,00,44,00,36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,
>
> 34,00,34,00,36,00,35,00,2d,00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,
>
> 00,45,00,37,00,34,00,38,00,37,00,43,00,46,00,35,00,39,00,7d,00,00,00,5c,00,
>
> 44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,
>
> 00,30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,
>
> 45,00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,
>
> 00,46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,
>
> 69,00,63,00,65,00,5c,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,49,00,70,
> 00,00,00,00,00
> "Route"=hex(7):22,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,2d,
>
> 00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,00,
>
> 31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,46,
>
> 00,35,00,39,00,7d,00,22,00,00,00,22,00,7b,00,37,00,45,00,42,00,35,00,44,00,
>
> 30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,
>
> 00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,
>
> 46,00,33,00,32,00,36,00,45,00,33,00,7d,00,22,00,00,00,22,00,4e,00,64,00,69,
> 00,73,00,57,00,61,00,6e,00,49,00,70,00,22,00,00,00,00,00
> "Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,
>
> 00,69,00,70,00,5f,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,
>
> 2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,
>
> 00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,
>
> 46,00,35,00,39,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,
>
> 00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,37,00,45,00,42,00,35,00,44,00,
>
> 30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,
>
> 00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,
>
> 46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,
>
> 00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,34,00,43,00,
>
> 37,00,36,00,41,00,44,00,31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,
>
> 00,35,00,38,00,30,00,2d,00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,
>
> 43,00,33,00,31,00,32,00,36,00,45,00,42,00,44,00,37,00,7d,00,00,00,5c,00,44,
>
> 00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,
>
> 7b,00,38,00,44,00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,
>
> 00,30,00,2d,00,34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,
>
> 43,00,46,00,30,00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,
> 00,00,00,00,00
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters]
> "NV Hostname"="coder58"
> "DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
>
> 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
> 64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
> "NameServer"=""
> "ForwardBroadcasts"=dword:00000000
> "IPEnableRouter"=dword:00000000
> "Domain"=""
> "Hostname"="coder58"
> "SearchList"=""
> "UseDomainNameDevolution"=dword:00000001
> "EnableICMPRedirect"=dword:00000001
> "DeadGWDetectDefault"=dword:00000001
> "DontAddDefaultGatewayDefault"=dword:00000000
> "EnableSecurityFilters"=dword:00000000
> "ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,
> 00,00,00,00
> "EnableTCPA"=dword:00000001
> "EnableRSS"=dword:00000001
> "EnableTCPChimney"=dword:00000001
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdapters]
>
> [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersAdaptersNdisWanIp]
> "LLInterface"="WANARP"
> "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>
> 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>
> 00,61,00,63,00,65,00,73,00,5c,00,7b,00,34,00,43,00,37,00,36,00,41,00,44,00,
>
> 31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,00,35,00,38,00,30,00,2d,
>
> 00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,43,00,33,00,31,00,32,00,
>
> 36,00,45,00,42,00,44,00,37,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,
>
> 00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,
>
> 6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,38,00,44,
>
> 00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,00,30,00,2d,00,
>
> 34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,43,00,46,00,30,
>
> 00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,00,00,00,00,00
> "NumInterfaces"=dword:00000002
> "IpInterfaces"=hex:1c,ad,76,4c,50,49,80,45,97,60,6b,cc,31,26,eb,d7,6b,f7,a2,8d,
> 30,d9,a5,40,ab,f6,cf,08,8b,3e,cc,95
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
> "LLInterface"=""
> "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>
> 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>
> 00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,00,30,00,
>
> 37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,00,2d,
>
> 00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,46,00,
> 33,00,32,00,36,00,45,00,33,00,7d,00,00,00,00,00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F8735D6F-5298-4465-811D-7EDE7487CF59}]
> "LLInterface"=""
> "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>
> 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>
> 00,61,00,63,00,65,00,73,00,5c,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,
>
> 36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,
>
> 00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,
> 37,00,43,00,46,00,35,00,39,00,7d,00,00,00,00,00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C76AD1C-4950-4580-9760-6BCC3126EBD7}]
> "UseZeroBroadcast"=dword:00000000
> "EnableDHCP"=dword:00000000
> "IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
> "SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
> "DefaultGateway"=hex(7):00,00
> "EnableDeadGWDetect"=dword:00000001
> "DontAddDefaultGateway"=dword:00000000
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
> "UseZeroBroadcast"=dword:00000000
> "EnableDeadGWDetect"=dword:00000001
> "EnableDHCP"=dword:00000000
> "IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,32,00,31,00,
> 00,00,00,00
> "SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
> 00,35,00,2e,00,30,00,00,00,00,00
> "DefaultGateway"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,35,00,
> 34,00,00,00,00,00
> "DefaultGatewayMetric"=hex(7):31,00,00,00,00,00
> "NameServer"="10.1.1.254"
> "Domain"=""
> "RegistrationEnabled"=dword:00000001
> "RegisterAdapterName"=dword:00000000
> "TCPAllowedPorts"=hex(7):30,00,00,00,00,00
> "UDPAllowedPorts"=hex(7):30,00,00,00,00,00
> "RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
> "NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,
> 33,00,00,00,00,00
> "DhcpClassIdBin"=hex:
> "DhcpServer"="255.255.255.255"
> "Lease"=dword:00000e10
> "LeaseObtainedTime"=dword:48565b26
> "T1"=dword:4856622e
> "T2"=dword:48566774
> "LeaseTerminatesTime"=dword:48566936
> "IPAutoconfigurationAddress"="0.0.0.0"
> "IPAutoconfigurationMask"="255.255.0.0"
> "IPAutoconfigurationSeed"=dword:00000000
Hello,
Thanks for the config; I'll look at it and get back to you. You can
scan TCP and UDP using nmap (choose the right scan type; look at
the examples on the site).
Is the additionally installed agent a "well-known" server management or
monitoring tool?
Marc
"agent" wrote in message
news:
> * "accept SNMP packets from any host"
> * firewall off
> * SNMP port 161 is UDP, so not scannable
> * netstat -anb returns:
>
> UDP 0.0.0.0:161 *:* 2108
> [snmp.exe]
>
> * Registry :
>
> ************** SNMP
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP]
> "Type"=dword:00000110
> "Start"=dword:00000002
> "ErrorControl"=dword:00000001
> "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
>
> 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
> 00,6e,00,6d,00,70,00,2e,00,65,00,78,00,65,00,00,00
> "DisplayName"="SNMP Service"
> "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,
> 00,00
> "DependOnGroup"=hex(7):00,00
> "ObjectName"="LocalSystem"
> "Description"="Enables Simple Network Management Protocol (SNMP) requests
> to
> be processed by this computer. If this service is stopped, the computer
> will
> be unable to process SNMP requests. If this service is disabled, any
> services
> that explicitly depend on it will fail to start."
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters]
> "EnableAuthenticationTraps"=dword:00000001
> "NameResolutionRetries"=dword:00000010
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents]
> "1"="SOFTWARE\MON_AGENT\CurrentVersion"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent]
> "sysContact"="Custom"
> "sysLocation"="public"
> "sysServices"=dword:0000004c
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\public]
> "1"="10.1.1.255"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
> "public"=dword:00000008
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Security]
> "Security"=hex:01,00,14,80,b8,00,00,00,c4,00,00,00,14,00,00,00,30,00,00,00,02,
>
> 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
>
> 00,00,02,00,88,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,
>
> 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,
>
> 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,
>
> 00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,
>
> 00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,
>
> 00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,
> 01,01,00,00,00,00,00,05,12,00,00,00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Enum]
> "0"="Root\LEGACY_SNMP\0000"
> "Count"=dword:00000001
> "NextInstance"=dword:00000001
>
> ************** TCP/IP
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
> "Type"=dword:00000001
> "Start"=dword:00000001
> "ErrorControl"=dword:00000001
> "Tag"=dword:00000004
> "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
>
> 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,
> 00,73,00,79,00,73,00,00,00
> "DisplayName"="TCP/IP Protocol Driver"
> "Group"="PNP_TDI"
> "DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
> "DependOnGroup"=hex(7):00,00
> "Description"="TCP/IP Protocol Driver"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage]
> "Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,46,00,38,
>
> 00,37,00,33,00,35,00,44,00,36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,
>
> 34,00,34,00,36,00,35,00,2d,00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,
>
> 00,45,00,37,00,34,00,38,00,37,00,43,00,46,00,35,00,39,00,7d,00,00,00,5c,00,
>
> 44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,
>
> 00,30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,
>
> 45,00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,
>
> 00,46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,
>
> 69,00,63,00,65,00,5c,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,49,00,70,
> 00,00,00,00,00
> "Route"=hex(7):22,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,2d,
>
> 00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,00,
>
> 31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,46,
>
> 00,35,00,39,00,7d,00,22,00,00,00,22,00,7b,00,37,00,45,00,42,00,35,00,44,00,
>
> 30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,
>
> 00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,
>
> 46,00,33,00,32,00,36,00,45,00,33,00,7d,00,22,00,00,00,22,00,4e,00,64,00,69,
> 00,73,00,57,00,61,00,6e,00,49,00,70,00,22,00,00,00,00,00
> "Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,
>
> 00,69,00,70,00,5f,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,36,00,46,00,
>
> 2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,00,38,00,31,
>
> 00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,37,00,43,00,
>
> 46,00,35,00,39,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,
>
> 00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,37,00,45,00,42,00,35,00,44,00,
>
> 30,00,37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,
>
> 00,2d,00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,
>
> 46,00,33,00,32,00,36,00,45,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,
>
> 00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,34,00,43,00,
>
> 37,00,36,00,41,00,44,00,31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,
>
> 00,35,00,38,00,30,00,2d,00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,
>
> 43,00,33,00,31,00,32,00,36,00,45,00,42,00,44,00,37,00,7d,00,00,00,5c,00,44,
>
> 00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,
>
> 7b,00,38,00,44,00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,
>
> 00,30,00,2d,00,34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,
>
> 43,00,46,00,30,00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,
> 00,00,00,00,00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
> "NV Hostname"="coder58"
> "DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
>
> 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
> 64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
> "NameServer"=""
> "ForwardBroadcasts"=dword:00000000
> "IPEnableRouter"=dword:00000000
> "Domain"=""
> "Hostname"="coder58"
> "SearchList"=""
> "UseDomainNameDevolution"=dword:00000001
> "EnableICMPRedirect"=dword:00000001
> "DeadGWDetectDefault"=dword:00000001
> "DontAddDefaultGatewayDefault"=dword:00000000
> "EnableSecurityFilters"=dword:00000000
> "ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,
> 00,00,00,00
> "EnableTCPA"=dword:00000001
> "EnableRSS"=dword:00000001
> "EnableTCPChimney"=dword:00000001
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp]
> "LLInterface"="WANARP"
> "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>
> 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>
> 00,61,00,63,00,65,00,73,00,5c,00,7b,00,34,00,43,00,37,00,36,00,41,00,44,00,
>
> 31,00,43,00,2d,00,34,00,39,00,35,00,30,00,2d,00,34,00,35,00,38,00,30,00,2d,
>
> 00,39,00,37,00,36,00,30,00,2d,00,36,00,42,00,43,00,43,00,33,00,31,00,32,00,
>
> 36,00,45,00,42,00,44,00,37,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,
>
> 00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,
>
> 6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,38,00,44,
>
> 00,41,00,32,00,46,00,37,00,36,00,42,00,2d,00,44,00,39,00,33,00,30,00,2d,00,
>
> 34,00,30,00,41,00,35,00,2d,00,41,00,42,00,46,00,36,00,2d,00,43,00,46,00,30,
>
> 00,38,00,38,00,42,00,33,00,45,00,43,00,43,00,39,00,35,00,7d,00,00,00,00,00
> "NumInterfaces"=dword:00000002
> "IpInterfaces"=hex:1c,ad,76,4c,50,49,80,45,97,60,6b,cc,31,26,eb,d7,6b,f7,a2,8d,
> 30,d9,a5,40,ab,f6,cf,08,8b,3e,cc,95
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
> "LLInterface"=""
> "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>
> 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>
> 00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,45,00,42,00,35,00,44,00,30,00,
>
> 37,00,43,00,2d,00,37,00,36,00,37,00,30,00,2d,00,34,00,32,00,42,00,45,00,2d,
>
> 00,41,00,34,00,33,00,37,00,2d,00,43,00,35,00,46,00,38,00,36,00,36,00,46,00,
> 33,00,32,00,36,00,45,00,33,00,7d,00,00,00,00,00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F8735D6F-5298-4465-811D-7EDE7487CF59}]
> "LLInterface"=""
> "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,
>
> 6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,
>
> 00,61,00,63,00,65,00,73,00,5c,00,7b,00,46,00,38,00,37,00,33,00,35,00,44,00,
>
> 36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,34,00,34,00,36,00,35,00,2d,
>
> 00,38,00,31,00,31,00,44,00,2d,00,37,00,45,00,44,00,45,00,37,00,34,00,38,00,
> 37,00,43,00,46,00,35,00,39,00,7d,00,00,00,00,00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C76AD1C-4950-4580-9760-6BCC3126EBD7}]
> "UseZeroBroadcast"=dword:00000000
> "EnableDHCP"=dword:00000000
> "IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
> "SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
> "DefaultGateway"=hex(7):00,00
> "EnableDeadGWDetect"=dword:00000001
> "DontAddDefaultGateway"=dword:00000000
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
> "UseZeroBroadcast"=dword:00000000
> "EnableDeadGWDetect"=dword:00000001
> "EnableDHCP"=dword:00000000
> "IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,32,00,31,00,
> 00,00,00,00
> "SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
> 00,35,00,2e,00,30,00,00,00,00,00
> "DefaultGateway"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,35,00,
> 34,00,00,00,00,00
> "DefaultGatewayMetric"=hex(7):31,00,00,00,00,00
> "NameServer"="10.1.1.254"
> "Domain"=""
> "RegistrationEnabled"=dword:00000001
> "RegisterAdapterName"=dword:00000000
> "TCPAllowedPorts"=hex(7):30,00,00,00,00,00
> "UDPAllowedPorts"=hex(7):30,00,00,00,00,00
> "RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
> "NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,
> 33,00,00,00,00,00
> "DhcpClassIdBin"=hex:
> "DhcpServer"="255.255.255.255"
> "Lease"=dword:00000e10
> "LeaseObtainedTime"=dword:48565b26
> "T1"=dword:4856622e
> "T2"=dword:48566774
> "LeaseTerminatesTime"=dword:48566936
> "IPAutoconfigurationAddress"="0.0.0.0"
> "IPAutoconfigurationMask"="255.255.0.0"
> "IPAutoconfigurationSeed"=dword:00000000
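Added example, not part of the original thread: the export quoted above stores the interface address and mask as `hex(7)` (REG_MULTI_SZ, UTF-16LE) and the community rights as a DWORD, so this Python sketch decodes them and summarises who may query the agent. The function names are mine, the key-path backslashes are restored by assumption, and the rights table uses Microsoft's documented values for `ValidCommunities`.

```python
import ipaddress
import re

# Rights DWORD under ...\SNMP\Parameters\ValidCommunities (Microsoft's documented values).
COMMUNITY_RIGHTS = {1: "NONE", 2: "NOTIFY", 4: "READ ONLY", 8: "READ WRITE", 16: "READ CREATE"}

# Constructed excerpt: values copied from the export in this thread; the
# backslashes in the key paths are restored by assumption.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\public]
"1"="10.1.1.255"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"public"=dword:00000008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
"IPAddress"=hex(7):31,00,30,00,2e,00,31,00,2e,00,31,00,2e,00,32,00,32,00,31,00,
00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,
00,35,00,2e,00,30,00,00,00,00,00
'''


def decode_value(raw):
    """Decode the right-hand side of one .reg assignment."""
    raw = raw.strip()
    if raw.startswith('"'):
        return raw.strip('"').replace("\\\\", "\\")
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)", raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3   # bare "hex:" is REG_BINARY
    if kind in (1, 2):        # REG_SZ / REG_EXPAND_SZ, UTF-16LE
        return data.decode("utf-16-le").rstrip("\x00")
    if kind == 7:             # REG_MULTI_SZ: NUL-separated strings
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    return data


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    keys, current, pending = {}, None, ""
    for line in text.splitlines():
        line = line.lstrip("> ").strip()          # tolerate newsreader quoting
        if not line:
            continue
        if pending:                               # continuation of a hex value
            pending += line
        elif line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        elif line.startswith('"') and current is not None:
            pending = line
        else:
            continue                              # banner or wrapped text
        pending = pending.rstrip("\\").rstrip()   # real exports end lines with ",\"
        if pending.endswith(","):                 # more hex bytes follow
            continue
        name, _, raw = pending.partition('"=')
        current[name[1:]] = decode_value(raw)
        pending = ""
    return keys


def audit_snmp(keys):
    """Summarise the settings that decide who can query the agent, and how."""
    report = {"communities": {}, "permitted_managers": [], "trap_destinations": [],
              "interfaces": [], "findings": []}
    for path, values in keys.items():
        lower = path.lower()
        if lower.endswith("\\snmp\\parameters\\validcommunities"):
            for name, rights in values.items():
                report["communities"][name] = COMMUNITY_RIGHTS.get(rights, f"unknown ({rights})")
        elif lower.endswith("\\snmp\\parameters\\permittedmanagers"):
            report["permitted_managers"] = list(values.values())
        elif "\\snmp\\parameters\\trapconfiguration\\" in lower:
            report["trap_destinations"] += list(values.values())
        elif "\\tcpip\\parameters\\interfaces\\" in lower:
            ips, masks = values.get("IPAddress"), values.get("SubnetMask")
            if not (isinstance(ips, list) and isinstance(masks, list)):
                continue
            for ip, mask in zip(ips, masks):
                if ip != "0.0.0.0":               # skip unconfigured interfaces
                    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
                    report["interfaces"].append({"ip": ip, "broadcast": str(net.broadcast_address)})
    for name, rights in report["communities"].items():
        if rights in ("READ WRITE", "READ CREATE"):
            report["findings"].append(f"community '{name}' grants {rights}")
    if not report["permitted_managers"]:
        report["findings"].append("no PermittedManagers entries: requests accepted from any host")
    return report
```

`audit_snmp(parse_reg(text))` also accepts the `>`-quoted form of the export as it appears in this thread, including the blank quoted lines between hex continuation lines.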
Hello,
the agent is a proprietary tool.
nmap sees port 161 as "open | filtered"
Regards
"Lognoul, Marc (Private)" wrote:
Hello,
Thanks for the config; I'll look at it and get back to you. You can
scan TCP and UDP using nmap (choose the right scan type; look at
the examples on the site).
Is the additionally installed agent a "well-known" server management or
monitoring tool?
Marc
"agent" <agent@discussions.microsoft.com> wrote in message
news:64513123-431F-46A5-A685-1D7BD03AF912@microsoft.com...
> * "accept SNMP packets from any host"
> * firewall off
> * SNMP port 161 is UDP, so not scannable
> * netstat -anb returns:
>
> UDP 0.0.0.0:161 *:* 2108
> [snmp.exe]
>
> * Registry :
>
> ************** SNMP
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP]
> "Type"=dword:00000110
> "Start"=dword:00000002
> "ErrorControl"=dword:00000001
> "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
>
> 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
> 00,6e,00,6d,00,70,00,2e,00,65,00,78,00,65,00,00,00
> "DisplayName"="SNMP Service"
> "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,
> 00,00
> "DependOnGroup"=hex(7):00,00
> "ObjectName"="LocalSystem"
> "Description"="Enables Simple Network Management Protocol (SNMP)
> requests
> to
> be processed by this computer. If this service is stopped, the computer
> will
> be unable to process SNMP requests. If this service is disabled, any
> services
> that explicitly depend on it will fail to start."
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters]
> "EnableAuthenticationTraps"=dword:00000001
> "NameResolutionRetries"=dword:00000010
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents]
> "1"="SOFTWARE\MON_AGENT\CurrentVersion"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent]
> "sysContact"="Custom"
> "sysLocation"="public"
> "sysServices"=dword:0000004c
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\public]
> "1"="10.1.1.255"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
> "public"=dword:00000008
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Security]
> "Security"=hex:01,00,14,80,b8,00,00,00,c4,00,00,00,14,00,00,00,30,00,00,00,02,
>
> 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
>
> 00,00,02,00,88,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,
>
> 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,
>
> 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,
>
> 00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,
>
> 00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,
>
> 00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,
> 01,01,00,00,00,00,00,05,12,00,00,00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Enum]
> "0"="Root\LEGACY_SNMP\0000"
> "Count"=dword:00000001
> "NextInstance"=dword:00000001
>
> ************** TCP/IP
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
> "Type"=dword:00000001
> "Start"=dword:00000001
> "ErrorControl"=dword:00000001
> "Tag"=dword:00000004
> "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
>
> 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,
> 00,73,00,79,00,73,00,00,00
> "DisplayName"="TCP/IP Protocol Driver"
> "Group"="PNP_TDI"
> "DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
> "DependOnGroup"=hex(7):00,00
> "Description"="TCP/IP Protocol Driver"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage]
> "Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,46,00,38,
>
> 00,37,00,33,00,35,00,44,00,36,00,46,00,2d,00,35,00,32,00,39,00,38,00,2d,00,
>
Hello,
the agent is a proprietary tool.
nmap sees port 161 as "open | filtered"
Regards
"Lognoul, Marc (Private)" wrote:
Hello,
Thanks for the config; I'll look at it and get back to you. You can
scan TCP and UDP using nmap (choose the right scan type; see the
examples on the site).
Is the additionally installed agent a "well-known" server management or
monitoring tool?
Marc
"agent" wrote in message
news:
> * "accept SNMP packets from any host"
> * firewall off
> * SNMP port 161 is UDP, so not scannable
> * netstat -anb returns:
>
> UDP 0.0.0.0:161 *:* 2108
> [snmp.exe]
>
> * Registry:
>
> ************** SNMP
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP]
> "Type"=dword:00000110
> "Start"=dword:00000002
> "ErrorControl"=dword:00000001
> "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
>
> 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
> 00,6e,00,6d,00,70,00,2e,00,65,00,78,00,65,00,00,00
> "DisplayName"="SNMP Service"
> "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,
> 00,00
> "DependOnGroup"=hex(7):00,00
> "ObjectName"="LocalSystem"
> "Description"="Enables Simple Network Management Protocol (SNMP) requests to be processed by this computer. If this service is stopped, the computer will be unable to process SNMP requests. If this service is disabled, any services that explicitly depend on it will fail to start."
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters]
> "EnableAuthenticationTraps"=dword:00000001
> "NameResolutionRetries"=dword:00000010
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents]
> "1"="SOFTWARE\MON_AGENT\CurrentVersion"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent]
> "sysContact"="Custom"
> "sysLocation"="public"
> "sysServices"=dword:0000004c
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\public]
> "1"="10.1.1.255"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
> "public"=dword:00000008
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Enum]
> "0"="Root\LEGACY_SNMP\0000"
> "Count"=dword:00000001
> "NextInstance"=dword:00000001
>
> ************** TCP/IP
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
> "Type"=dword:00000001
> "Start"=dword:00000001
> "ErrorControl"=dword:00000001
> "Tag"=dword:00000004
> "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
>
> 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,
> 00,73,00,79,00,73,00,00,00
> "DisplayName"="TCP/IP Protocol Driver"
> "Group"="PNP_TDI"
> "DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
> "DependOnGroup"=hex(7):00,00
> "Description"="TCP/IP Protocol Driver"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
> "NV Hostname"="coder58"
> "DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
>
> 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
>
> 64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
> "NameServer"=""
> "ForwardBroadcasts"=dword:00000000
> "IPEnableRouter"=dword:00000000
> "Domain"=""
> "Hostname"="coder58"
> "SearchList"=""
> "UseDomainNameDevolution"=dword:00000001
> "EnableICMPRedirect"=dword:00000001
> "DeadGWDetectDefault"=dword:00000001
> "DontAddDefaultGatewayDefault"=dword:00000000
> "EnableSecurityFilters"=dword:00000000
> "ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,
> 00,00,00,00
> "EnableTCPA"=dword:00000001
> "EnableRSS"=dword:00000001
> "EnableTCPChimney"=dword:00000001
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp]
> "LLInterface"="WANARP"
> "NumInterfaces"=dword:00000002
> "IpInterfaces"=hex:1c,ad,76,4c,50,49,80,45,97,60,6b,cc,31,26,eb,d7,6b,f7,a2,8d,
> 30,d9,a5,40,ab,f6,cf,08,8b,3e,cc,95
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
> "LLInterface"=""
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F8735D6F-5298-4465-811D-7EDE7487CF59}]
> "LLInterface"=""
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C76AD1C-4950-4580-9760-6BCC3126EBD7}]
Hello,
Is the section
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]
really empty, or did you leave out the information it contains for
confidentiality reasons?
If it is empty, then it is normal that the port is seen as
"filtered". Try again after configuring your client system (IP
address) in the list of authorized hosts. It is the only standard option
that, IMHO, could block an incoming request.
--
Marc
[Happy is he who has been able to penetrate the secret causes of things]
"agent" wrote in message
news:
> Hello,
>
> the agent is a proprietary tool.
>
> nmap sees port 161 as "open | filtered"
>
> Regards
>
> "Lognoul, Marc (Private)" wrote:
>
>> Hello,
>>
>> Thanks for the config; I'll look at it and get back to you. You can
>> scan TCP and UDP using nmap (choose the right scan type; see the
>> examples on the site).
>> Is the additionally installed agent a "well-known" server management or
>> monitoring tool?
>>
>> Marc
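An added illustration, not part of either poster's message and not Microsoft tooling: a small offline audit of a `.reg` export of the SNMP service keys like the one quoted in this thread. It assumes the documented Windows SNMP service semantics (ValidCommunities rights 1/2/4/8/16, and a PermittedManagers key with no values meaning packets are accepted from any host); both samples, the severity labels and the function names are constructed for the example.

```python
import re

# Rights DWORDs stored under ValidCommunities (documented Windows SNMP service
# values; stated here as an assumption, they are not spelled out in the thread).
RIGHTS = {1: "NONE", 2: "NOTIFY", 4: "READ ONLY", 8: "READ WRITE", 16: "READ CREATE"}
WRITE_RIGHTS = {8, 16}
DEFAULT_NAMES = {"public", "private"}
SNMP_PARAMS = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters"

# Constructed sample mirroring the values quoted in the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\public]
"1"="10.1.1.255"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"public"=dword:00000008
'''

# Constructed hardened counterpart (manager address and community name are made up).
HARDENED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]
"1"="10.1.1.20"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"nms-ro-7f3a"=dword:00000004
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')


def parse_reg(text):
    """Return {key_path: {value_name: value}} for string and dword values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue  # file header, blank lines, hex continuation lines
        data = m.group("data")
        if data.startswith("dword:"):
            current[m.group("name")] = int(data[6:], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            current[m.group("name")] = data[1:-1].replace("\\\\", "\\")
        # hex(...) values are skipped: this audit does not need them
    return keys


def get_key(keys, path):
    """Case-insensitive lookup; returns None when the key is not in the export."""
    for name, values in keys.items():
        if name.lower() == path.lower():
            return values
    return None


def audit_snmp(keys):
    """Return a list of (severity, message) findings for the SNMP service keys."""
    findings = []
    managers = get_key(keys, SNMP_PARAMS + r"\PermittedManagers")
    if managers is None:
        findings.append(("info", "PermittedManagers key not present in export"))
    elif not managers:
        findings.append(("high", "no permitted managers listed: "
                                 "SNMP packets accepted from any host"))
    else:
        findings.append(("info", "managers restricted to: "
                                 + ", ".join(sorted(managers.values()))))

    communities = get_key(keys, SNMP_PARAMS + r"\ValidCommunities") or {}
    for name, rights in sorted(communities.items()):
        if rights in WRITE_RIGHTS:
            findings.append(("high", "community '%s' grants %s"
                             % (name, RIGHTS[rights])))
        if name.lower() in DEFAULT_NAMES:
            findings.append(("medium", "community '%s' is a well-known default name"
                             % name))

    # Heuristic: a trap destination ending in .255 is treated as a broadcast
    # address, as with the 10.1.1.255 value in the thread.
    prefix = (SNMP_PARAMS + "\\TrapConfiguration\\").lower()
    for key, values in keys.items():
        if key.lower().startswith(prefix):
            for dest in values.values():
                if isinstance(dest, str) and dest.endswith(".255"):
                    findings.append(("medium", "traps for '%s' go to broadcast-style "
                                     "address %s" % (key[len(prefix):], dest)))
    return findings


if __name__ == "__main__":
    for label, text in (("thread-like export", SAMPLE_REG), ("hardened", HARDENED_REG)):
        print(label)
        for severity, message in audit_snmp(parse_reg(text)):
            print("  [%s] %s" % (severity, message))
```
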
Bonjour,
La section
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersPermittedManagers]
est-elle réellement vide ou avez-vous omis de reproduire les information
qu'elle contient pour des raison de confidentialité?
Si celle-ci est vide, il est donc normal que le port soit vu comme
"filtered". Essayez à nouveau en configurant votre système client (adresse
IP) dans la liste des hôtes autorisés. C'est la la seule option standard
qui, AMHA, pourrait bloquer une requête entrante.
--
Marc
[Heureux celui qui a pu pénétrer les causes secrètes des choses]
"agent" <agent@discussions.microsoft.com> wrote in message
news:9FED3BED-5B99-4786-8129-1963D9ED5BB2@microsoft.com...
> Bonjour,
>
> l'agent est un outil propriétaire.
>
> nmap voit le port 161 comme "open | filtered"
>
> Cdt
>
> "Lognoul, Marc (Private)" wrote:
>
>> Bonjour,
>>
>> Merci pour la config, je la regarde et reviens vers vous. Vous pouvez
>> scanner TCP et UDP en utilisant nmap (choisir le bon type de scan,
>> regardez
>> les exemples sur le site).
>> L'agent installé en plus, est-ce un outil de gestion de serveur ou de
>> monitoring "bien connu"?
>>
>> Marc
>>
>> "agent" <agent@discussions.microsoft.com> wrote in message
>> news:64513123-431F-46A5-A685-1D7BD03AF912@microsoft.com...
>> > * "accept SNMP packets from any host"
>> > * firewall off
>> > * SNMP port 161 est UDP donc pas scannable
>> > * netstat -anb renvoie :
>> >
>> > UDP 0.0.0.0:161 *:*
>> > 2108
>> > [snmp.exe]
>> >
>> > * Registry :
>> >
>> > ************** SNMP
>> >
>> > Windows Registry Editor Version 5.00
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMP]
>> > "Type"=dword:00000110
>> > "Start"=dword:00000002
>> > "ErrorControl"=dword:00000001
>> > "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
>> >
>> > 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
>> > 00,6e,00,6d,00,70,00,2e,00,65,00,78,00,65,00,00,00
>> > "DisplayName"="SNMP Service"
>> > "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,
>> > 00,00
>> > "DependOnGroup"=hex(7):00,00
>> > "ObjectName"="LocalSystem"
>> > "Description"="Enables Simple Network Management Protocol (SNMP)
>> > requests
>> > to
>> > be processed by this computer. If this service is stopped, the computer
>> > will
>> > be unable to process SNMP requests. If this service is disabled, any
>> > services
>> > that explicitly depend on it will fail to start."
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParameters]
>> > "EnableAuthenticationTraps"=dword:00000001
>> > "NameResolutionRetries"=dword:00000010
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersExtensionAgents]
>> > "1"="SOFTWARE\MON_AGENT\CurrentVersion"
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersPermittedManagers]
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersRFC1156Agent]
>> > "sysContact"="Custom"
>> > "sysLocation"="public"
>> > "sysServices"=dword:0000004c
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfiguration]
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersTrapConfigurationpublic]
>> > "1"="10.1.1.255"
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersValidCommunities]
>> > "public"=dword:00000008
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPSecurity]
>> > "Security"=hex:01,00,14,80,b8,00,00,00,c4,00,00,00,14,00,00,00,30,00,00,00,02,
>> >
>> > 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
>> >
>> > 00,00,02,00,88,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,
>> >
>> > 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,
>> >
>> > 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,
>> >
>> > 00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,
>> >
>> > 00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,
>> >
>> > 00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,
>> > 01,01,00,00,00,00,00,05,12,00,00,00
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPEnum]
>> > "0"="Root\LEGACY_SNMP\0000"
>> > "Count"=dword:00000001
>> > "NextInstance"=dword:00000001
>> >
>> > ************** TCP/IP
>> >
>> > Windows Registry Editor Version 5.00
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpip]
>> > "Type"=dword:00000001
>> > "Start"=dword:00000001
>> > "ErrorControl"=dword:00000001
>> > "Tag"=dword:00000004
>> > "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
>> >
>> > 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,
>> > 00,73,00,79,00,73,00,00,00
>> > "DisplayName"="TCP/IP Protocol Driver"
>> > "Group"="PNP_TDI"
>> > "DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
>> > "DependOnGroup"=hex(7):00,00
>> > "Description"="TCP/IP Protocol Driver"
>> >
>> > [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipLinkage]
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
>> > "NV Hostname"="coder58"
>> > "DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
>> >
>> > 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
>> >
>> > 64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
>> > "NameServer"=""
>> > "ForwardBroadcasts"=dword:00000000
>> > "IPEnableRouter"=dword:00000000
>> > "Domain"=""
>> > "Hostname"="coder58"
>> > "SearchList"=""
>> > "UseDomainNameDevolution"=dword:00000001
>> > "EnableICMPRedirect"=dword:00000001
>> > "DeadGWDetectDefault"=dword:00000001
>> > "DontAddDefaultGatewayDefault"=dword:00000000
>> > "EnableSecurityFilters"=dword:00000000
>> > "ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,
>> > 00,00,00,00
>> > "EnableTCPA"=dword:00000001
>> > "EnableRSS"=dword:00000001
>> > "EnableTCPChimney"=dword:00000001
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp]
>> > "LLInterface"="WANARP"
>> > "NumInterfaces"=dword:00000002
>> > "IpInterfaces"=hex:1c,ad,76,4c,50,49,80,45,97,60,6b,cc,31,26,eb,d7,6b,f7,a2,8d,
>> > 30,d9,a5,40,ab,f6,cf,08,8b,3e,cc,95
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
>> > "LLInterface"=""
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F8735D6F-5298-4465-811D-7EDE7487CF59}]
>> > "LLInterface"=""
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C76AD1C-4950-4580-9760-6BCC3126EBD7}]
Hello,
Is the section
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]
really empty, or did you leave out the information it contains for
confidentiality reasons?
If it is empty, then it is normal for the port to be seen as
"filtered". Try again after adding your client system (IP address)
to the list of permitted hosts. That is the only standard option
which, IMHO, could block an incoming request.
--
Marc
[Happy is he who has been able to penetrate the secret causes of things]
"agent" wrote in message
news:
> Hello,
>
> the agent is a proprietary tool.
>
> nmap sees port 161 as "open | filtered"
>
> Regards
>
> "Lognoul, Marc (Private)" wrote:
>
>> Hello,
>>
>> Thanks for the config, I will look at it and get back to you. You can
>> scan TCP and UDP using nmap (choose the right scan type, see the
>> examples on the site).
>> Is the additionally installed agent a "well-known" server management
>> or monitoring tool?
>>
>> Marc
>>
>> "agent" wrote in message
>> news:
>> > * "accept SNMP packets from any host"
>> > * firewall off
>> > * SNMP port 161 is UDP, so not scannable
>> > * netstat -anb returns:
>> >
>> > UDP 0.0.0.0:161 *:*
>> > 2108
>> > [snmp.exe]
>> >
>> > * Registry:
>> >
>> > ************** SNMP
>> >
>> > Windows Registry Editor Version 5.00
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP]
>> > "Type"=dword:00000110
>> > "Start"=dword:00000002
>> > "ErrorControl"=dword:00000001
>> > "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
>> >
>> > 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
>> > 00,6e,00,6d,00,70,00,2e,00,65,00,78,00,65,00,00,00
>> > "DisplayName"="SNMP Service"
>> > "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,
>> > 00,00
>> > "DependOnGroup"=hex(7):00,00
>> > "ObjectName"="LocalSystem"
>> > "Description"="Enables Simple Network Management Protocol (SNMP) requests to be processed by this computer. If this service is stopped, the computer will be unable to process SNMP requests. If this service is disabled, any services that explicitly depend on it will fail to start."
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters]
>> > "EnableAuthenticationTraps"=dword:00000001
>> > "NameResolutionRetries"=dword:00000010
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents]
>> > "1"="SOFTWAREMON_AGENTCurrentVersion"
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent]
>> > "sysContact"="Custom"
>> > "sysLocation"="public"
>> > "sysServices"=dword:0000004c
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration]
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\public]
>> > "1"="10.1.1.255"
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
>> > "public"=dword:00000008
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Security]
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Enum]
>> > "0"="Root\LEGACY_SNMP\0000"
>> > "Count"=dword:00000001
>> > "NextInstance"=dword:00000001
>> >
>> > ************** TCP/IP
>> >
>> > Windows Registry Editor Version 5.00
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
>> > "Type"=dword:00000001
>> > "Start"=dword:00000001
>> > "ErrorControl"=dword:00000001
>> > "Tag"=dword:00000004
>> > "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,
>> >
>> > 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,
>> > 00,73,00,79,00,73,00,00,00
>> > "DisplayName"="TCP/IP Protocol Driver"
>> > "Group"="PNP_TDI"
>> > "DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
>> > "DependOnGroup"=hex(7):00,00
>> > "Description"="TCP/IP Protocol Driver"
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage]
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
>> > "NV Hostname"="coder58"
>> > "DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
>> >
>> > 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
>> >
>> > 64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
>> > "NameServer"=""
>> > "ForwardBroadcasts"=dword:00000000
>> > "IPEnableRouter"=dword:00000000
>> > "Domain"=""
>> > "Hostname"="coder58"
>> > "SearchList"=""
>> > "UseDomainNameDevolution"=dword:00000001
>> > "EnableICMPRedirect"=dword:00000001
>> > "DeadGWDetectDefault"=dword:00000001
>> > "DontAddDefaultGatewayDefault"=dword:00000000
>> > "EnableSecurityFilters"=dword:00000000
>> > "ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,
>> > 00,00,00,00
>> > "EnableTCPA"=dword:00000001
>> > "EnableRSS"=dword:00000001
>> > "EnableTCPChimney"=dword:00000001
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp]
>> > "LLInterface"="WANARP"
>> > "NumInterfaces"=dword:00000002
>> > "IpInterfaces"=hex:1c,ad,76,4c,50,49,80,45,97,60,6b,cc,31,26,eb,d7,6b,f7,a2,8d,
>> > 30,d9,a5,40,ab,f6,cf,08,8b,3e,cc,95
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{7EB5D07C-7670-42BE-A437-C5F866F326E3}]
>> > "LLInterface"=""
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F8735D6F-5298-4465-811D-7EDE7487CF59}]
>> > "LLInterface"=""
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
>> >
>> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C76AD1C-4950-4580-9760-6BCC3126EBD7}]
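
An added example, not part of the thread: a Python check that reads a `.reg` export of the Windows SNMP service and reports the settings visible in the quoted dump (no values under `PermittedManagers`, community `public` stored as 8, trap destination `10.1.1.255`). The sample export is constructed from those values, the rights table is the Windows SNMP service's encoding of community rights, and treating an address ending in `.255` as a broadcast address is a simplifying assumption.

```python
import re

# Community rights as stored (DWORD) under ...\SNMP\Parameters\ValidCommunities
RIGHTS = {1: "NONE", 2: "NOTIFY", 4: "READ ONLY", 8: "READ WRITE", 16: "READ CREATE"}
DEFAULT_NAMES = {"public", "private"}
BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters"

# Constructed sample, modelled on the values in the export quoted in the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\public]
"1"="10.1.1.255"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"public"=dword:00000008
'''

def parse_reg(text):
    """Return {key path: {value name: raw data}}; hex continuation lines are skipped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = re.fullmatch(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return keys

def audit_snmp(text):
    """Return a list of findings for the SNMP service settings in a .reg export."""
    keys = {k.lower(): v for k, v in parse_reg(text).items()}
    findings = []
    managers = keys.get((BASE + r"\PermittedManagers").lower())
    if managers is None:
        findings.append("PermittedManagers key missing from export")
    elif not managers:
        findings.append("no permitted managers listed: requests accepted from any host")
    for name, raw in keys.get((BASE + r"\ValidCommunities").lower(), {}).items():
        m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
        if not m:
            findings.append(f"community {name!r}: unexpected value type {raw!r}")
            continue
        right = RIGHTS.get(int(m.group(1), 16), "UNKNOWN")
        if name.lower() in DEFAULT_NAMES:
            findings.append(f"community {name!r} is a default name")
        if right in ("READ WRITE", "READ CREATE"):
            findings.append(f"community {name!r} grants {right}")
    for key, values in keys.items():
        if key.startswith((BASE + r"\TrapConfiguration").lower() + "\\"):
            for dest in values.values():
                dest = dest.strip('"')
                if dest.endswith(".255"):  # assumption: /24-style broadcast address
                    findings.append(f"trap destination {dest} looks like a broadcast address")
    return findings
```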