[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040713170534.D15599@ubzr.zsa.bet>
From: measl at mfn.org (J.A. Terranson)
Subject: SNMP Broadcasts
On Tue, 13 Jul 2004, BillyBob wrote:
> From: BillyBob <billybobknob@...mail.com>
Hello Mr. Knob,
> Subject: [Full-Disclosure] SNMPBroadcasts
SNMP doesn't "broadcast"
> For the past 12 hours my external IP has been bombarded with SNMP
"Bombarded"? Below you state it was only "several per second". Are you
on a dial connection?
> Broadcasts, I have sent complaints to my ISP and the ISP of the originating
> IP.
And both are likely laughing their asses off right about now.
> The attacking IP must have some sort of worm or automated script to go
> through all the port numbers as his remote port starts at 60001 and goes up
> to 64087 but it hits my local ports 1-highest port # (65535) if I let my
> logs record that much.
SNMP goes to ports 161 and 162, *only*.
> Could this be some kind of SNMP DoS as I get several/second ?
I know I shouldn't be asking this, but... Do you know how to use
Ethereal?
--
Yours,
J.A. Terranson
sysadmin@....org
"...justice is a duty towards those whom you love and those whom you do
not. And people's rights will not be harmed if the opponent speaks out
about them."
Osama Bin Laden
Powered by blists - more mailing lists