> Has anyone seen this before? I have been getting UDP (161/SNMP) port >scans across my 205.247.224/24 (from .255 to .[012]?) repeatedly from >certain IP #s. The most recent events happened 6 times over the past 5 >days (all from the same IP). The user of that IP has a laptop w/ Yeah, same here, almost like the IMAP scans one sees. To machines they have no business looking at either. I think they are possibly looking for SNMP information describing the host in question, be it unix, a router or other device. I held off raising an incident report about this with an ISP earlier today, simply because it was a once off and I couldn't see any other activity from that IP. If it was more than one packet I'd have instituted greater counter measures against the host involved. You however sound as if you have either an attacker or an progam being tested by someone. Do you go with the simple explanation or the insidious approach? :) Good luck, Mark
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:54 PDT