Date: Tue, 14 Jul 1998 09:46:34 +0200 From: Espen Torseth <Espen.Torseth@sds.no> To: freebsd-security@FreeBSD.ORG Subject: RE: Large-scale scan of SNMP ports Message-ID: <81A91106E131D111BA8500608C23A6620CDFF8@nt1gj.da.posten.no>
next in thread | raw e-mail | index | archive | help
There is the possibility that someone has started "auto-discovery" in HP-OpenView, CA UniCenter, etc. and given the wrong net-adress/subnet-mask. This has happend before, and will happen again... Regards Espen Torseth > -----Original Message----- > From: Hallam Oaks P/L list account [SMTP:maillist@oaks.com.au] > Sent: Tuesday, July 14, 1998 8:41 AM > To: freebsd-security@FreeBSD.ORG > Subject: Large-scale scan of SNMP ports > > Yesterday I detected what appears to be a large-scale scan of the 203.36 > and > 203.29 networks, coming from what appears to be a host connected to a > local > Australian provider. The host did not respond to traceroute, even at the > time > that the scan was taking place, so it's presumably behind a firewall. > > The host in question was sending UDP packets to the SNMP port (only) of > every > IP address in both of the networks I have routed here, starting from > higher > IP's and going to lower. > > The reason why I suggest that it is 'large scale' is that they first > scanned > a subnet I have in the 203.36 network, and then some four hours later > scanned > every IP in my other subnet (a class C in 203.29). As they were going down > in > addresses within the subnets it's reasonable to assume that in that > four-hour > period they scanned all the intervening IP's between 203.36 and 203.29. > > Can anyone suggest a legitimate reason for an unknown host to send UDP > packets to the SNMP ports of such an apparantly large range of systems ? > > regards, > > -- Chris > Hallam Oaks P/L > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?81A91106E131D111BA8500608C23A6620CDFF8>