
Re: [Full-Disclosure] SNMP Broadcasts



On Tue, 13 Jul 2004, BillyBob wrote:


> From: BillyBob <billybobknob@xxxxxxxxxxx>

Hello Mr. Knob,

> Subject: [Full-Disclosure] SNMP Broadcasts

SNMP doesn't "broadcast".

> For the past 12 hours my external IP has been bombarded with SNMP

"Bombarded"?  Below you state it was only "several per second".  Are you
on a dial connection?

> Broadcasts, I have sent complaints to my ISP and the ISP of the originating
> IP.

And both are likely laughing their asses off right about now.

> The attacking IP must have some sort of worm or automated script to go
> through all the port numbers as his remote port starts at 60001 and goes up
> to 64087 but it hits my local ports 1-highest port # (65535) if I let my
> logs record that much.

SNMP goes to ports 161 and 162, *only*.


> Could this be some kind of SNMP DoS as I get several/second ?

I know I shouldn't be asking this, but...  Do you know how to use
Ethereal?

-- 
Yours,

J.A. Terranson
sysadmin@xxxxxxx

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."

  Osama Bin Laden



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
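
An added example, not part of the original message: a short triage script that checks whether logged packets actually target the SNMP ports (161 and 162) or walk across many local ports, as the quoted report describes. The log format, addresses and the `sweep_threshold` value are constructed for illustration, and the SNMP check assumes UDP.

```python
import re
from collections import defaultdict

SNMP_PORTS = {161, 162}  # the two ports the reply names for SNMP

# Constructed log format (hypothetical): "<time> <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(\S+) (UDP|TCP) (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)

def parse(lines):
    """Yield (proto, src_ip, src_port, dst_port) for each well-formed line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3), int(m.group(4)), int(m.group(6))

def classify(lines, sweep_threshold=5):
    """Label each source IP by the destination ports it actually touched."""
    by_src = defaultdict(list)
    for proto, src, _sport, dport in parse(lines):
        by_src[src].append((proto, dport))
    verdicts = {}
    for src, hits in by_src.items():
        dports = {d for _p, d in hits}
        if all(p == "UDP" and d in SNMP_PORTS for p, d in hits):
            verdicts[src] = "snmp"          # only UDP 161/162 seen
        elif len(dports) >= sweep_threshold:
            verdicts[src] = "port-sweep"    # many distinct local ports
        else:
            verdicts[src] = "other"
    return verdicts

# Constructed sample: one source walking local ports 1..8 from rising source
# ports (the pattern in the quoted report), and one source sending to 161/162.
SAMPLE = [f"2004-07-13T10:00:{i:02d} UDP 192.0.2.10:{60000 + i} -> 198.51.100.5:{i}"
          for i in range(1, 9)]
SAMPLE += [
    "2004-07-13T10:01:00 UDP 203.0.113.7:40000 -> 198.51.100.5:161",
    "2004-07-13T10:01:01 UDP 203.0.113.7:40001 -> 198.51.100.5:162",
    "garbage line that the parser skips",
]

if __name__ == "__main__":
    for src, verdict in sorted(classify(SAMPLE).items()):
        print(src, verdict)
```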