Google is your friend

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=%22illegally.iana.net %22
http://www.geocrawler.com/archives/3/169/2000/1/50/3209083/
http://archives.neohapsis.com/archives/freebsd/2000-01/0663.html
http://www.aplawrence.com/Bofcusm/38.html
http://www.isc.org/ml-archives/bind-users/1999/04/msg00432.html

I thought that iana.net seemed familiar

>-----Original Message-----
>From: Keith Pachulski [mailto:keithpat_private]
>Sent: Monday, January 20, 2003 1:10 PM
>To: iscat_private
>Cc: incidentsat_private
>Subject: SNMP Weirdness
>
>
>Has anyone seen this behavior, if so care to share the details
>
>I originally saw these from an internal firewall, after setting
>up a snort to grab the traffic I logged the following:
>
>[**] weirdness ensues [**]
>01/20-13:46:27.084888 X.X.X.26:1697 -> 192.0.0.192:161
>UDP TTL:128 TOS:0x0 ID:22091 IpLen:20 DgmLen:265
>Len: 245
>30 81 EA 02 01 00 04 06 70 75 62 6C 69 63 A1 81  0.......public..
>DC 02 01 00 02 01 00 02 01 00 30 81 D0 30 0B 06  ..........0..0..
>07 2B 06 01 02 01 01 01 05 00 30 0B 06 07 2B 06  .+........0...+.
>01 02 01 01 03 05 00 30 0B 06 07 2B 06 01 02 01  .......0...+....
>01 05 05 00 30 0D 06 09 2B 06 01 02 01 02 02 01  ....0...+.......
>06 05 00 30 0D 06 09 2B 06 01 02 01 04 14 01 01  ...0...+........
>05 00 30 0E 06 0A 2B 06 01 02 01 19 03 02 01 03  ..0...+.........
>05 00 30 10 06 0C 2B 06 01 04 01 0B 02 03 09 01  ..0...+.........
>01 07 05 00 30 10 06 0C 2B 06 01 04 01 0B 02 03  ....0...+.......
>09 05 01 03 05 00 30 10 06 0C 2B 06 01 04 01 0B  ......0...+.....
>02 04 03 08 03 02 05 00 30 10 06 0C 2B 06 01 04  ........0...+...
>01 0B 02 04 03 08 03 03 05 00 30 0F 06 0B 2B 06  ..........0...+.
>01 04 01 0B 02 04 03 0A 07 05 00 30 0F 06 0B 2B  ...........0...+
>06 01 04 01 0B 02 04 03 0A 0D 05 00 30 0F 06 0B  ............0...
>2B 06 01 04 01 0B 02 04 03 0D 01 05 00           +............
>
>I have a few internal machines sending the same queries to the
>same address.
>
>Name:
>192.0.0.0-is-used-for-printservices-discovery----illegally.iana.net
>Address: 192.0.0.192
>
>|Keith A. Pachulski

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com