Re: Port scans to UDP 161 (SNMP)

From: Mookie (markat_private)
Date: Fri May 22 1998 - 05:22:33 PDT


    >	Has anyone seen this before?  I have been getting UDP (161/SNMP) port 
    >scans across my 205.247.224/24 (from .255 to .[012]?) repeatedly from 
    >certain IP #s.  The most recent events happened 6 times over the past 5 
    >days (all from the same IP).  The user of that IP has a laptop w/ 
    
    Yeah, same here, almost like the IMAP scans one sees. To machines they
    have no business looking at either. I think they are possibly looking for
    SNMP information describing the host in question, be it unix, a router or
    other device.
    
    I held off raising an incident report about this with an ISP earlier today,
    simply because it was a once off and I couldn't see any other activity from
    that IP. If it was more than one packet I'd have instituted greater counter
    measures against the host involved. You however sound as if you have either
    an attacker or a program being tested by someone.
    
    Do you go with the simple explanation or the insidious approach? :)
    
    Good luck,
    Mark
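
The triage discussed in this thread, run over firewall logs, as an added example that is not part of the original message: it groups UDP/161 probes into the 205.247.224/24 network by source and separates a single stray packet from a sweep that recurs across days. The log format, source addresses and verdict labels are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

MONITORED = ipaddress.ip_network("205.247.224.0/24")  # network named in the thread

# Constructed sample log lines (format and source addresses are assumptions).
SAMPLE_LOG = """\
1998-05-17 02:10:41 UDP 192.0.2.77:1045 -> 205.247.224.255:161
1998-05-17 02:10:41 UDP 192.0.2.77:1045 -> 205.247.224.0:161
1998-05-17 02:10:42 UDP 192.0.2.77:1045 -> 205.247.224.1:161
1998-05-17 02:10:42 UDP 192.0.2.77:1045 -> 205.247.224.2:161
1998-05-19 23:55:03 UDP 192.0.2.77:1052 -> 205.247.224.255:161
1998-05-19 23:55:03 UDP 192.0.2.77:1052 -> 205.247.224.1:161
1998-05-21 14:02:19 UDP 198.51.100.9:2301 -> 205.247.224.17:161
1998-05-21 14:05:00 UDP 198.51.100.9:2301 -> 205.247.224.17:53
1998-05-21 15:00:00 TCP 203.0.113.5:4000 -> 205.247.224.17:161
"""

LINE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \S+ (?P<proto>\w+) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def classify_snmp_probes(log_text, net=MONITORED):
    """Return {source_ip: verdict} for UDP/161 traffic into `net`."""
    seen = defaultdict(lambda: {"packets": 0, "targets": set(), "days": set()})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["proto"] != "UDP" or m["dport"] != "161":
            continue  # not an SNMP probe
        if ipaddress.ip_address(m["dst"]) not in net:
            continue  # outside the monitored network
        rec = seen[m["src"]]
        rec["packets"] += 1
        rec["targets"].add(m["dst"])
        rec["days"].add(m["day"])
    verdicts = {}
    for src, rec in seen.items():
        if rec["packets"] == 1:
            verdicts[src] = "one-off"  # single packet: note it and keep watching
        elif len(rec["days"]) > 1:  # same source back on another day
            verdicts[src] = "repeated-sweep" if len(rec["targets"]) > 1 else "repeated"
        else:
            verdicts[src] = "sweep" if len(rec["targets"]) > 1 else "burst"
    return verdicts

if __name__ == "__main__":
    print(classify_snmp_probes(SAMPLE_LOG))
```

The cut-offs (one packet, more than one day, more than one target) are illustrative assumptions and should be tuned to the traffic a given network normally sees.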
    


