trapsess/trap2sink seems to be opening a "local listen" port leading to rendering the system vulner

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,
When I use the trapsess or trap2sink as follows to configure the agent to send traps to a target, I see that a local listen port is also opened.

trapsess -v2c -cpublic 10.8.76.101
or
trap2sink 10.8.76.101 public

When I run a netstat command to get the list of all listen ports that are *NOT* opened with the localhost IP i.e. netstat -an | grep -iE 'udp.*\*\.' | grep -iEv '127.0.0.1',
I see the following output:
udp4       0      0 10.8.101.20.161        *.*
udp4       0      0 *.18748                *.*

Running the command, lsof | grep 18748 shows the following:
snmpd     58163 root   12u    IPv4 0xfffff80033366b10                0t0      UDP *:18748

If I remove the trapsess/trap2sink directive, then this listen port is no longer opened.

Why is this listen port opened on the local host when the trap target is a remote machine? Would a remote machine connect to this port?
Since, it shows the port as “*.18478”, it has, most probably, been opened with INADDR_ANY.
How can I change to listen on either <LOCAL_IP_ADDR>:<port> or <127.0.0.1>:<port>?
Would I need to change the code or can this be accomplished by an extra param(?) to the trap2sink/trapsess directive?

Thanks,
Ananth

trapsess/trap2sink seems to be opening a "local listen" port leading to rendering the system vulner

trapsess/trap2sink seems to be opening a "local listen" port leading to rendering the system vulnerable.