I periodically see these entries in my logs:
SNMP.Master: Slot-1: Login failed through SNMPv1/v2c - bad community name (x.x.x.x)
This isn’t an Extreme issue - that’s just where I am seeing the messages. SNMP is configured correctly and the devices that SHOULD be using SNMP are not having a problem. It just seems that periodically devices on my network are attempting an SNMP connection to my Extreme switches and I just wondered if anyone knew why that might be? This is my core switch, so the devices are seeing it as the ‘gateway’.
The attempts are almost always in groups of four and as far as I can tell they are always from Windows clients. We have a large-ish network so getting access to the physical clients is tricky but I can gather some information remotely. And while there are repeat offenders, it’s usually different clients.
It’s as if they are polling their gateway for some reason. Is it malicious? What are they trying to accomplish? Is it the public, or private community? (If private, that might seem malicious...) If they gained access, what would they be trying to do?
Again, I know it’s not an Extreme issue, but I hoped the community might have seen this before and be able to shed some light.