lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040713170534.D15599@ubzr.zsa.bet>
From: measl at mfn.org (J.A. Terranson)
Subject: SNMP Broadcasts

On Tue, 13 Jul 2004, BillyBob wrote:


> From: BillyBob <billybobknob@...mail.com>

Hello Mr. Knob,

> Subject: [Full-Disclosure] SNMPBroadcasts

SNMP doesn't "broadcast"

> For the past 12 hours my external IP has been bombarded with SNMP

"Bombarded"?  Below you state it was only "several per second".  Are you
on a dial connection?

> Broadcasts, I have sent complaints to my ISP and the ISP of the originating
> IP.

And both are likely laughing their asses off right about now.

> The attacking IP must have some sort of worm or automated script to go
> through all the port numbers as his remote port starts at 60001 and goes up
> to 64087 but it hits my local ports 1-highest port # (65535) if I let my
> logs record that much.

SNMP goes to ports 161 and 162, *only*.


> Could this be some kind of SNMP DoS as I get several/second ?

I know I shouldn't be asking this, but...  Do you know how to use
Ethereal?

-- 
Yours,

J.A. Terranson
sysadmin@....org

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."

  Osama Bin Laden




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ