On Mon, 18 Feb 2002, Borja Marcos wrote: } On Monday 18 February 2002 10:35, Borja Marcos wrote: } > > Feb 13 20:55:39 195.77.170.25(2079) -> 192.52.153.240(161) } > > Feb 13 21:14:56 195.77.170.25(2079) -> 192.52.153.241(161) } > (...) } > I will get back to the list with the result } } Confirmed. They have stopped the JetAdmin program and I have not detected } further SNMP probes. It was a misconfigured discovery feature. Thank you! JetAdmin has plagued our internal networks (a /16 net) in the past. The last packet in the second scan was observed early this morning: Feb 18 02:01:18 195.77.170.25(4702) -> 192.52.153.33(161) None since then, I'm happy to report. } BTW, before someone blames us... they are not our customers. I have phoned } them because I have deteted the activity and a slow scan seems to be hostile. I greatly appreciate your effort. We're watching SNMP traffic very closely right now. Jim -- Jim Watt wattjgat_private Applied Biosystems Voice (desk): +1 408 577 2228 3833 North First Street Fax: +1 408 894 9307 San Jose CA 95134-1701 Voice (main): +1 408 577 2200 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Feb 18 2002 - 23:51:09 PST