Hello, Has anyone seen this before? I have been getting UDP (161/SNMP) port scans across my 205.247.224/24 (from .255 to .[012]?) repeatedly from certain IP #s. The most recent events happened 6 times over the past 5 days (all from the same IP). The user of that IP has a laptop w/ Win-95(B?) running FrontPage-98 and IE-4.01; they also have AOL-(something), Office-97, Outlook-98, Project-98. Although they use DHCP (in a Win-95/Win-NT shop), it seems that this machine has always gotten the same IP#. The user seems to have been using the machine during each scan. The UDP source port seems to stay in the range 1030-1035 (for this and previous scans from other locations). I don't have a dump of the incomming packets, just a log that they were dropped. Any info greatly appreciated. Thanks, Max --- Max Euston <meustonat_private>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:42 PDT