sunhux

asked on

Solaris /var/adm/messages has snmpdx "error while receiving a pdu" - possibly poll by CA Unicentre

In our Solaris 10 (this is a hardened server) messages file, we have the following
error messages:

#>  grep -i snmp messag* | grep "May  6"
messages:May  6 15:53:53 slasun11 /usr/lib/snmp/snmpdx: [ID 702911 daemon.error] error while receiving a pdu from 10.51.5.7.4265: The message has a wrong header type (0xd6)
messages:May  6 15:53:56 slasun11 /usr/lib/snmp/snmpdx: [ID 702911 daemon.error] error while receiving a pdu from 10.51.5.7.4364: The message has a wrong header type (0xd6)

Our CA Unicentre tech guy said that when he issued the "snmpwalk" command from the Unicentre
server, it failed, and he believes ports 161/162 are not open, but when I checked using
"netstat -an | grep 16", I found they are idle (but not listening) on those two ports:

#> netstat -an | grep 16
      *.16161                             Idle
      *.161                               Idle
      *.162                               Idle


On another of our Solaris 9 servers (which was not hardened), "netstat -an" yielded
the same idle output, but "snmpwalk" issued by the CA Unicentre tech guy worked.


"svcs -a" output from the Solaris 10 server is as follows:

STATE          STIME    FMRI
legacy_run     Apr_21   lrc:/etc/rc2_d/S10lu
legacy_run     Apr_21   lrc:/etc/rc2_d/S20sysetup
legacy_run     Apr_21   lrc:/etc/rc2_d/S21perf
legacy_run     Apr_21   lrc:/etc/rc2_d/S30sysid_net
legacy_run     Apr_21   lrc:/etc/rc2_d/S69netconfig
legacy_run     Apr_21   lrc:/etc/rc2_d/S74xntpd
legacy_run     Apr_21   lrc:/etc/rc2_d/S76ACT_dumpscript
legacy_run     Apr_21   lrc:/etc/rc2_d/S81dodatadm_udaplt
legacy_run     Apr_21   lrc:/etc/rc2_d/S90LiebertM
legacy_run     Apr_21   lrc:/etc/rc2_d/S91afbinit
legacy_run     Apr_21   lrc:/etc/rc2_d/S91gfbinit
legacy_run     Apr_21   lrc:/etc/rc2_d/S91ifbinit
legacy_run     Apr_21   lrc:/etc/rc2_d/S91jfbinit
legacy_run     Apr_21   lrc:/etc/rc2_d/S91kfbinit
legacy_run     Apr_21   lrc:/etc/rc2_d/S91zuluinit
legacy_run     Apr_21   lrc:/etc/rc2_d/S98deallocate
legacy_run     Apr_21   lrc:/etc/rc2_d/S99dbora
legacy_run     Apr_21   lrc:/etc/rc2_d/S99sneep
legacy_run     Apr_21   lrc:/etc/rc3_d/S96init_cssd
legacy_run     Apr_21   lrc:/etc/rc3_d/S99EIS-DVDtag
disabled       Apr_21   svc:/network/iscsi_initiator:default
disabled       Apr_21   svc:/system/device/mpxio-upgrade:default
disabled       Apr_21   svc:/network/ipfilter:default
disabled       Apr_21   svc:/network/rpc/bind:default
disabled       Apr_21   svc:/network/rpc/keyserv:default
disabled       Apr_21   svc:/network/rpc/nisplus:default
disabled       Apr_21   svc:/network/nis/server:default
disabled       Apr_21   svc:/network/nis/client:default
disabled       Apr_21   svc:/network/dns/client:default
disabled       Apr_21   svc:/network/ldap/client:default
disabled       Apr_21   svc:/network/nfs/status:default
disabled       Apr_21   svc:/network/nfs/nlockmgr:default
disabled       Apr_21   svc:/network/nfs/cbd:default
disabled       Apr_21   svc:/network/nfs/mapid:default
disabled       Apr_21   svc:/network/inetd-upgrade:default
disabled       Apr_21   svc:/network/nfs/client:default
disabled       Apr_21   svc:/system/filesystem/autofs:default
disabled       Apr_21   svc:/application/print/server:default
disabled       Apr_21   svc:/network/smtp:sendmail
disabled       Apr_21   svc:/system/name-service-cache:default
disabled       Apr_21   svc:/system/patch-finish:delete
disabled       Apr_21   svc:/system/power:default
disabled       Apr_21   svc:/system/pools:default
disabled       Apr_21   svc:/system/rcap:default
disabled       Apr_21   svc:/network/rpc/bootparams:default
disabled       Apr_21   svc:/network/samba:default
disabled       Apr_21   svc:/network/winbind:default
disabled       Apr_21   svc:/network/wins:default
disabled       Apr_21   svc:/network/nfs/server:default
disabled       Apr_21   svc:/network/rarp:default
disabled       Apr_21   svc:/network/dhcp-server:default
disabled       Apr_21   svc:/application/management/webmin:default
disabled       Apr_21   svc:/application/print/ipp-listener:default
disabled       Apr_21   svc:/application/print/cleanup:default
disabled       Apr_21   svc:/application/database/postgresql:version_81
disabled       Apr_21   svc:/application/database/postgresql:version_82
disabled       Apr_21   svc:/application/gdm2-login:default
disabled       Apr_21   svc:/network/dns/server:default
disabled       Apr_21   svc:/network/routing/legacy-routing:ipv4
disabled       Apr_21   svc:/network/routing/legacy-routing:ipv6
disabled       Apr_21   svc:/network/routing/ndp:default
disabled       Apr_21   svc:/network/routing/rdisc:default
disabled       Apr_21   svc:/network/ipv6-forwarding:default
disabled       Apr_21   svc:/network/routing/ripng:default
disabled       Apr_21   svc:/network/routing/zebra:quagga
disabled       Apr_21   svc:/network/routing/ripng:quagga
disabled       Apr_21   svc:/network/routing/route:default
disabled       Apr_21   svc:/network/ipv4-forwarding:default
disabled       Apr_21   svc:/network/routing/rip:quagga
disabled       Apr_21   svc:/network/routing/ospf:quagga
disabled       Apr_21   svc:/network/routing/ospf6:quagga
disabled       Apr_21   svc:/network/routing/bgp:quagga
disabled       Apr_21   svc:/network/security/kadmin:default
disabled       Apr_21   svc:/network/security/krb5kdc:default
disabled       Apr_21   svc:/network/ipmievd:default
disabled       Apr_21   svc:/network/nis/passwd:default
disabled       Apr_21   svc:/network/nis/update:default
disabled       Apr_21   svc:/network/nis/xfr:default
disabled       Apr_21   svc:/network/http:apache2
disabled       Apr_21   svc:/network/apocd/udp:default
disabled       Apr_21   svc:/network/slp:default
disabled       Apr_21   svc:/platform/sun4u/sckmd:default
disabled       Apr_21   svc:/platform/sun4u/dcs:default
disabled       Apr_21   svc:/platform/sun4u/oplhpd:default
disabled       Apr_21   svc:/platform/sun4u/efdaemon:default
disabled       Apr_21   svc:/ldoms/vntsd:default
disabled       Apr_21   svc:/system/consadm:default
disabled       Apr_21   svc:/system/pools/dynamic:default
disabled       Apr_21   svc:/system/iscsitgt:default
disabled       Apr_21   svc:/system/sar:default
disabled       Apr_21   svc:/network/rpc/gss:default
disabled       Apr_21   svc:/network/rpc/rstat:default
disabled       Apr_21   svc:/application/print/rfc1179:default
disabled       Apr_21   svc:/network/rpc/ocfserv:default
disabled       Apr_21   svc:/network/rpc/rex:default
disabled       Apr_21   svc:/network/rpc/rusers:default
disabled       Apr_21   svc:/network/rpc/spray:default
disabled       Apr_21   svc:/network/rpc/wall:default
disabled       Apr_21   svc:/network/security/ktkt_warn:default
disabled       Apr_21   svc:/network/security/krb5_prop:default
disabled       Apr_21   svc:/network/swat:default
disabled       Apr_21   svc:/network/tname:default
disabled       Apr_21   svc:/network/telnet:default
disabled       Apr_21   svc:/network/nfs/rquota:default
disabled       Apr_21   svc:/network/uucp:default
disabled       Apr_21   svc:/network/chargen:dgram
disabled       Apr_21   svc:/network/chargen:stream
disabled       Apr_21   svc:/network/daytime:dgram
disabled       Apr_21   svc:/network/daytime:stream
disabled       Apr_21   svc:/network/discard:dgram
disabled       Apr_21   svc:/network/discard:stream
disabled       Apr_21   svc:/network/echo:dgram
disabled       Apr_21   svc:/network/echo:stream
disabled       Apr_21   svc:/network/time:dgram
disabled       Apr_21   svc:/network/time:stream
disabled       Apr_21   svc:/network/ftp:default
disabled       Apr_21   svc:/network/comsat:default
disabled       Apr_21   svc:/network/finger:default
disabled       Apr_21   svc:/network/login:eklogin
disabled       Apr_21   svc:/network/login:klogin
disabled       Apr_21   svc:/network/login:rlogin
disabled       Apr_21   svc:/network/rexec:default
disabled       Apr_21   svc:/network/shell:default
disabled       Apr_21   svc:/network/shell:kshell
disabled       Apr_21   svc:/network/talk:default
disabled       Apr_21   svc:/network/rpc-100235_1/rpc_ticotsord:default
disabled       Apr_21   svc:/network/login/tcp6:default
disabled       Apr_21   svc:/network/shell/tcp:default
disabled       Apr_21   svc:/network/exec/tcp:default
disabled       Apr_21   svc:/network/telnet/tcp6:default
online         Apr_21   svc:/system/svc/restarter:default
online         Apr_21   svc:/network/pfil:default
online         Apr_21   svc:/network/loopback:default
online         Apr_21   svc:/system/installupdates:default
online         Apr_21   svc:/milestone/name-services:default
online         Apr_21   svc:/network/physical:default
online         Apr_21   svc:/milestone/network:default
online         Apr_21   svc:/system/identity:node
online         Apr_21   svc:/system/metainit:default
online         Apr_21   svc:/system/filesystem/root:default
online         Apr_21   svc:/system/boot-archive:default
online         Apr_21   svc:/system/scheduler:default
online         Apr_21   svc:/system/filesystem/usr:default
online         Apr_21   svc:/system/keymap:default
online         Apr_21   svc:/system/device/local:default
online         Apr_21   svc:/system/filesystem/minimal:default
online         Apr_21   svc:/system/identity:domain
online         Apr_21   svc:/system/sysevent:default
online         Apr_21   svc:/platform/sun4v/drd:default
online         Apr_21   svc:/system/rmtmpfiles:default
online         Apr_21   svc:/system/resource-mgmt:default
online         Apr_21   svc:/system/coreadm:default
online         Apr_21   svc:/system/cryptosvc:default
online         Apr_21   svc:/system/picl:default
online         Apr_21   svc:/system/device/fc-fabric:default
online         Apr_21   svc:/milestone/devices:default
online         Apr_21   svc:/network/initial:default
online         Apr_21   svc:/system/manifest-import:default
online         Apr_21   svc:/network/service:default
online         Apr_21   svc:/milestone/single-user:default
online         Apr_21   svc:/platform/sun4v/efdaemon:default
online         Apr_21   svc:/system/filesystem/local:default
online         Apr_21   svc:/system/cron:default
online         Apr_21   svc:/system/sysidtool:net
online         Apr_21   svc:/system/dumpadm:default
online         Apr_21   svc:/system/sysidtool:system
online         Apr_21   svc:/application/psncollector:default
online         Apr_21   svc:/milestone/sysconfig:default
online         Apr_21   svc:/application/font/fc-cache:default
online         Apr_21   svc:/system/sac:default
online         Apr_21   svc:/system/utmp:default
online         Apr_21   svc:/network/inetd:default
online         Apr_21   svc:/system/system-log:default
online         Apr_21   svc:/application/management/wbem:default
online         Apr_21   svc:/network/ssh:default
online         Apr_21   svc:/application/management/seaport:default
online         Apr_21   svc:/system/auditd:default
online         Apr_21   svc:/application/management/sma:default
online         Apr_21   svc:/application/management/snmpdx:default
online         Apr_21   svc:/system/console-login:default
online         Apr_21   svc:/system/mdmonitor:default
online         Apr_21   svc:/network/routing-setup:default
online         Apr_21   svc:/application/x11/xfs:default
online         Apr_21   svc:/network/cde-spc:default
online         Apr_21   svc:/network/omni/tcp:default
online         Apr_21   svc:/system/fmd:default
online         Apr_21   svc:/system/webconsole:console
online         Apr_21   svc:/network/ntp:default
online         Apr_21   svc:/milestone/multi-user:default
online         Apr_21   svc:/application/graphical-login/cde-login:default
online         Apr_21   svc:/application/cde-printinfo:default
online         Apr_21   svc:/milestone/multi-user-server:default
online         Apr_21   svc:/system/zones:default
online         Apr_21   svc:/system/basicreg:default
offline        Apr_21   svc:/application/management/dmi:default
offline        Apr_21   svc:/system/filesystem/volfs:default
offline        Apr_21   svc:/network/rpc/meta:default
offline        Apr_21   svc:/network/rpc/cde-calendar-manager:default
offline        Apr_21   svc:/network/rpc/cde-ttdbserver:tcp
offline        Apr_21   svc:/network/rpc/smserver:default
offline        Apr_21   svc:/network/rpc/mdcomm:default
offline        Apr_21   svc:/network/rpc/metamed:default
offline        Apr_21   svc:/network/rpc/metamh:default
maintenance    Apr_21   svc:/application/stosreg:default
maintenance    Apr_21   svc:/network/stdiscover:default
maintenance    Apr_21   svc:/network/stlisten:default
maintenance    Apr_21   svc:/application/font/stfsloader:default
maintenance    Apr_21   svc:/network/rpc-100229_1-2/rpc_tcp:default
maintenance    Apr_21   svc:/network/rpc-100422_1/rpc_tcp:default

sunhux

ASKER

Just to add a bit, SNMP seems to be enabled on this hardened Solaris 10 server:

slaSun11#> ps -ef | grep -i snm
    root   393     1   0   Apr 21 ?           0:00 /usr/lib/snmp/snmpdx -y -c /etc/snmp/conf
    root   388     1   0   Apr 21 ?           0:48 /usr/sfw/sbin/snmpd
    root  8370  8366   0   May 05 ?           0:35 /opt/aworks/services/bin/aws_snmp run --name=aws_snmp --instance=aws_snmp
    root 23549 23086   0 11:15:56 pts/3       0:00 grep -i snm
slaSun11#> svcs -a | grep -i snm
online         Apr_21   svc:/application/management/snmpdx:default
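As an added worked example (my own code, not from the original post, from Sun or from CA): the log lines above already settle the port question. In Solaris "netstat -an" the UDP section has no LISTEN state; "Idle" is what a bound, unconnected UDP socket shows, so *.161, *.162 and *.16161 Idle mean a process holds each of those ports (pfiles on the snmpdx and snmpd PIDs from the ps output shows which daemon holds which). And the snmpdx error itself proves a datagram from 10.51.5.7 reached the daemon, so nothing dropped it in transit; snmpdx rejected it because every SNMP message (v1, v2c and v3 alike) is a BER SEQUENCE whose first byte is 0x30, while these began with 0xd6, a private-class tag that no SNMP message uses. The script parses the two lines quoted in the question plus one constructed line (labelled as such, not from the server), decodes the BER identifier octet, and groups the offenders by sender and ephemeral port so the owner of 10.51.5.7 can be asked what is talking to the SNMP port. Function and field names are my own.

```python
import re

# Line shape from the question's /var/adm/messages (grep prefixes the file name, e.g. "messages:").
SNMPDX_RE = re.compile(
    r"^(?:[\w.]+:)?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"/usr/lib/snmp/snmpdx: \[ID \d+ daemon\.error\] error while receiving a pdu from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\.(?P<port>\d+): "
    r"The message has a wrong header type \(0x(?P<hdr>[0-9a-fA-F]{1,2})\)$"
)

TAG_CLASSES = ("universal", "application", "context-specific", "private")
SNMP_ENVELOPE = 0x30   # BER SEQUENCE: first byte of every SNMPv1/v2c/v3 message

def describe_tag(octet):
    """Split a BER identifier octet into (class, constructed?, tag number)."""
    return TAG_CLASSES[octet >> 6], bool(octet & 0x20), octet & 0x1F

def parse_snmpdx_errors(text):
    """Extract one record per 'wrong header type' line; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = SNMPDX_RE.match(line.strip())
        if not m:
            continue
        hdr = int(m.group("hdr"), 16)
        cls, constructed, number = describe_tag(hdr)
        events.append({
            "time": m.group("ts"), "host": m.group("host"),
            "src_ip": m.group("ip"), "src_port": int(m.group("port")),
            "header": hdr, "tag_class": cls, "constructed": constructed,
            "tag_number": number, "is_snmp": hdr == SNMP_ENVELOPE,
        })
    return events

def offenders(events):
    """Group non-SNMP datagrams by sender: count, distinct header bytes, distinct source ports."""
    by_src = {}
    for e in events:
        if e["is_snmp"]:
            continue
        s = by_src.setdefault(e["src_ip"], {"count": 0, "headers": set(), "ports": set()})
        s["count"] += 1
        s["headers"].add(e["header"])
        s["ports"].add(e["src_port"])
    return by_src

# The first two lines are the ones quoted in the question; the third is constructed
# (a different sender and header byte) to show the grouping, not taken from the server.
SAMPLE_LOG = """\
messages:May  6 15:53:53 slasun11 /usr/lib/snmp/snmpdx: [ID 702911 daemon.error] error while receiving a pdu from 10.51.5.7.4265: The message has a wrong header type (0xd6)
messages:May  6 15:53:56 slasun11 /usr/lib/snmp/snmpdx: [ID 702911 daemon.error] error while receiving a pdu from 10.51.5.7.4364: The message has a wrong header type (0xd6)
messages:May  6 16:02:11 slasun11 /usr/lib/snmp/snmpdx: [ID 702911 daemon.error] error while receiving a pdu from 10.51.9.20.50123: The message has a wrong header type (0x16)
"""

if __name__ == "__main__":
    for e in parse_snmpdx_errors(SAMPLE_LOG):
        print("%s %s:%d header 0x%02x = %s %s tag %d -> %s" % (
            e["time"], e["src_ip"], e["src_port"], e["header"], e["tag_class"],
            "constructed" if e["constructed"] else "primitive", e["tag_number"],
            "SNMP envelope" if e["is_snmp"] else "NOT an SNMP message"))
    for ip, s in offenders(parse_snmpdx_errors(SAMPLE_LOG)).items():
        print("%s: %d bad datagram(s), header bytes %s, from source ports %s" % (
            ip, s["count"], sorted(hex(h) for h in s["headers"]), sorted(s["ports"])))
```

Run it against the real file with `python3 thisfile.py` after replacing SAMPLE_LOG with `open("/var/adm/messages").read()`; the changing source port (4265, then 4364 three seconds later) is the signature of a client that opens a fresh socket per attempt, which is worth quoting back to whoever runs 10.51.5.7.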
SOLUTION
Hanno P.S.

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
This solution is only available to members.

ASKER

How can I verify if there's a firewall in between or something that
regenerates the traffic?

Can rpcinfo help? If so, kindly give me the actual syntax/qualifiers
to do this. I believe SNMP uses UDP ports 161, 162 & 6665, so
from the current server I've tried issuing a few rpcinfo commands unsuccessfully
(perhaps the current & remote server slasun11's hardening
affected them):


slasun02:/ >rpcinfo -T udp slasun11
rpcinfo: can't contact rpcbind: : RPC: Unable to receive; errno = Connection refused; System error
slasun02:/ >rpcinfo -T udp slasun02
rpcinfo: can't contact rpcbind: : RPC: Unable to receive; errno = Connection refused; System error
slasun02:/ >rpcinfo -T udp slasun02 161
rpcinfo: RPC: Rpcbind failure - RPC: Unable to receive
slasun02:/ >rpcinfo -T udp slasun02 161 2
rpcinfo: RPC: Rpcbind failure - RPC: Unable to receive
slasun02:/ >rpcinfo -s slasun02
rpcinfo: can't contact rpcbind: RPC: Rpcbind failure - RPC: Failed (unspecified error)


rpcinfo: RPC: Rpcbind failure - RPC: Unable to receive
slasun02:/ >rpcinfo -T udp slasun11 162
rpcinfo: RPC: Rpcbind failure - RPC: Unable to receive
slasun02:/ >rpcinfo -T udp slasun11 6665
rpcinfo: RPC: Rpcbind failure - RPC: Unable to receive

SOLUTION
This solution is only available to members.

ASKER

So "nmap" initiated from the subnet (where the user is located) to the target
remote host can tell us if a certain UDP port has been blocked - is this correct?

"netstat -a" on the remote host can tell us if a UDP port is open, but I will need
a way to verify if there's a firewall in between that blocks it.

I seem to recall someone from the HP Unix support team once gave me a native
Tru64 Unix command that can do this verification too (to see if a UDP port is
open on a remote host), but I'm not sure if it's rpcinfo. If there's no such Unix
native tool/command (i.e. one that doesn't need a tool to be installed separately or an
extra 3rd-party tool), let me know that there's no such command.
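An added example covering both the rpcinfo attempt above and the nmap question (my own code, not from the thread or from any vendor). rpcinfo is the wrong tool for this: it talks to rpcbind on port 111, and the svcs -a output earlier in the question shows svc:/network/rpc/bind:default disabled on the hardened host, which is exactly the "can't contact rpcbind" error seen from slasun02; the number after the host name in "rpcinfo -T udp host 161" is an RPC program number, not a UDP port. For a UDP port the only meaningful remote test is to send the protocol's own request and watch for the three possible outcomes: an ICMP port unreachable (host reachable, nothing bound, no filter in the way), a reply (open and answering), or silence. Silence is ambiguous: a firewall drop and an SNMP agent that discarded the packet because the community string or its access list did not match look identical from outside, which is why the daemon's own log on the target (as in the question) is the tie-breaker. nmap -sU -p 161 reports the same three outcomes as closed, open and open|filtered; adding --script snmp-sysdescr makes it send a real GET with community "public". Net-SNMP's snmpget and snmpwalk are also in /usr/sfw/bin on Solaris 10 next to the snmpd seen in the ps output. The script below needs only the Python standard library, so it runs from a Windows desktop as well as from slasun02; it builds an SNMPv1 GetRequest for sysDescr.0 by hand in BER, sends it on a connected UDP socket so the ICMP error surfaces as an exception, and parses the reply. SAMPLE_REPLY is constructed for the offline self-check, not captured from any host; the exception mapping is what Linux, BSD and Windows do (elsewhere it is an assumption), and the function names are my own.

```python
import socket
import sys

# ---- BER encoding of an SNMPv1 GetRequest (RFC 1157 message layout) ----
def _ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, payload):
    return bytes([tag]) + _ber_len(len(payload)) + payload

def _ber_int(v):
    # Non-negative INTEGER, minimal two's-complement (a leading 0x00 when the high bit is set).
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big") if v else b"\x00")

def _ber_oid(oid):
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])   # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:                               # base-128, high bit set on all but the last byte
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return _tlv(0x06, bytes(out))

def encode_snmpv1_get(community, oid, request_id=1):
    varbinds = _tlv(0x30, _tlv(0x30, _ber_oid(oid) + b"\x05\x00"))              # one OID, NULL value
    pdu = _tlv(0xA0, _ber_int(request_id) + _ber_int(0) + _ber_int(0) + varbinds)  # GetRequest-PDU
    return _tlv(0x30, _ber_int(0) + _tlv(0x04, community.encode()) + pdu)        # version 0 = SNMPv1

# ---- minimal BER decoding of the reply ----
def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_snmp_reply(data):
    """Return (version, community, pdu_tag, error_status); ValueError if not a BER SEQUENCE."""
    tag, body, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("leading tag 0x%02x is not a BER SEQUENCE, so not SNMP" % tag)
    _, ver, pos = _read_tlv(body, 0)
    _, community, pos = _read_tlv(body, pos)
    pdu_tag, pdu, _ = _read_tlv(body, pos)
    _, _, pos = _read_tlv(pdu, 0)                # request-id
    _, err, _ = _read_tlv(pdu, pos)              # error-status
    return (int.from_bytes(ver, "big"), community.decode("ascii", "replace"),
            pdu_tag, int.from_bytes(err, "big"))

def classify_reply(data):
    try:
        _, _, pdu_tag, err = parse_snmp_reply(data)
    except (ValueError, IndexError):
        return "open-not-snmp"                   # something answered, but not with BER SNMP
    if pdu_tag != 0xA2:
        return "open-snmp-unexpected-pdu"        # 0xA2 is GetResponse-PDU
    return "open-snmp-ok" if err == 0 else "open-snmp-error-%d" % err

def probe(host, port=161, community="public", timeout=2.0):
    """One SNMPv1 GET for sysDescr.0; returns a short verdict string."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))                  # connected UDP: ICMP unreachable surfaces here
        s.send(encode_snmpv1_get(community, "1.3.6.1.2.1.1.1.0"))
        data = s.recv(65535)
    except (ConnectionRefusedError, ConnectionResetError):   # Linux/BSD vs. Windows spelling
        return "closed"                          # ICMP port unreachable: reachable, nothing bound
    except socket.timeout:
        return "filtered-or-silent"              # dropped in transit, or agent discarded it
    finally:
        s.close()
    return classify_reply(data)

# Constructed sample reply (not captured from any host): GetResponse with sysDescr.0 = "SunOS".
SAMPLE_REPLY = _tlv(0x30, _ber_int(0) + _tlv(0x04, b"public") + _tlv(0xA2,
    _ber_int(1) + _ber_int(0) + _ber_int(0) +
    _tlv(0x30, _tlv(0x30, _ber_oid("1.3.6.1.2.1.1.1.0") + _tlv(0x04, b"SunOS")))))

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: snmp_probe.py HOST [PORT] [COMMUNITY]")
        print("offline self-check:", classify_reply(SAMPLE_REPLY), classify_reply(b"\xd6\x01\x00"))
    else:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 161
        print(sys.argv[1], port, probe(sys.argv[1], port, sys.argv[3] if len(sys.argv) > 3 else "public"))
```

Run it once against slasun11 port 161 and once against a port you know is not bound (say 16162): if the unbound port reports "closed" and 161 reports "filtered-or-silent", the path is open and the agent is dropping the request (community, access list or a different daemon on that port); if both time out, something in between is dropping UDP. Use the real community string, never "public", when the agent has been hardened, and keep in mind that SNMPv1/v2c send it in clear text.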
SOLUTION
This solution is only available to members.

ASKER

Just one last question:

Where can I download freeware for the Windows platform that
performs "snmpwalk/snmpget"?

Thanks
ASKER CERTIFIED SOLUTION
This solution is only available to members.