I have a Linksys home router, and I occasionally use the Sonicwall VPN client to connect to my work network. I have not used my VPN in 4-5 days, and the PC it is loaded on is turned off. I ran Ethereal to look at something else, and I noticed SNMP TRAP messages being sent every 30 seconds. The data in the messages is as follows:
@in w.o.r.kip 500 h.o.m.eip 500.
w.o.r.kip is my VPN gateway address
h.o.m.eip is my cable modem's IP
It is being sent from 192.168.1.1 (my Linksys)
to 0.0.0.0, which I assume is everybody? (right)
Why is it still doing this after not being used for a few days? I power-cycled my Linksys and it stopped. I may connect again to see if it starts up again.
It's a not properly closed port 500 (UDP ISAKMP is port 500 - used by Sonicwall VPN client), or your work firewall trying to re-make a connection to your computer (if it's UDP then the work firewall probably doesn’t know to stop asking, especially if the Linksys isn’t telling it to go away). It's sending this 'cos it sends traps detailing every NAT connection made through it by default. I’m guessing it's sending it to the network (0.0.0.0) - not everybody (255.255.255.255) because that’s a default setting.
This idea was brought to you courtesy of (a) google and (b) micilin.
On a side note, here’s a recommendation:
Seeing as google mentioned Linksys SNMP traps being used for DDoS attacks, I’d recommend that you familiarise yourself with the SNMP configuration of your Linksys router, and also the firmware versions that you can run on it, and what the safe ones are. I wouldn’t be surprised if the default value for the SNMP trap recipient is 0.0.0.0. If you didn’t set up the Linksys yourself, talk to the person(s) who did.
This is all guesswork, but, I hope it helps. And a belated welcome to the SDMB!
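For anyone who wants to tally trap payloads like the one quoted in the question, here is an added example that is not part of either post: it parses the `@in <ip> <port> <ip> <port>.` shape and reports flows that keep recurring, with their repeat interval. The `@out` direction, the timestamps (which would come from the capture) and the documentation-range sample addresses are assumptions.

```python
import re
from collections import defaultdict
from statistics import median

# Payload shape taken from the post: "@in <src-ip> <src-port> <dst-ip> <dst-port>."
# "@out" for the outbound direction is an assumption.
TRAP_RE = re.compile(
    r"^@(?P<dir>in|out)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<sport>\d{1,5})"
    r"\s+(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<dport>\d{1,5})\.?\s*$"
)
ISAKMP_PORT = 500  # UDP 500, as named in the reply

def parse_trap(payload):
    """Return a dict for one trap payload, or None if it does not match."""
    m = TRAP_RE.match(payload.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def recurring_flows(events, min_count=3):
    """events: iterable of (epoch_seconds, payload). Returns flows seen at least
    min_count times, with their median repeat interval in seconds."""
    seen = defaultdict(list)
    for ts, payload in events:
        rec = parse_trap(payload)
        if rec:
            key = (rec["dir"], rec["src"], rec["sport"], rec["dst"], rec["dport"])
            seen[key].append(ts)
    report = []
    for key, stamps in seen.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        report.append({"flow": key, "count": len(stamps),
                       "interval": median(gaps),
                       "isakmp": ISAKMP_PORT in (key[2], key[4])})
    return report

# Constructed sample: documentation addresses stand in for the work and home IPs.
SAMPLE = [(t, "@in 198.51.100.7 500 203.0.113.20 500.") for t in (0, 30, 60, 90)]
SAMPLE.append((45, "@out 192.168.1.100 1037 203.0.113.80 80."))

if __name__ == "__main__":
    for row in recurring_flows(SAMPLE):
        print(row)
```

A flow that repeats at a fixed interval on port 500 while no VPN client is running is the stale entry described above; one-off entries fall below `min_count` and are left out of the report.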