At 10:46 PM 10/21/99 +0900, you wrote:
>I guess one of these days it is getting harder to keep track of what
>each port scan is doing.
>But, here it goes.
>
>Over the last few days, our DMZ hosts were scanned for UDP port 161 from
>multiple sites.
>My guess is some kind of trojan or something.
>
>Here it goes. Only a portion of the probe is listed.
>
> 1 packets: 203.97.101.36(20480) ->202.218.93.62(161), : Oct 16 09:40:23
> 1 packets: 203.97.101.36(20480) ->202.218.93.7(161), : Oct 16 09:40:30
> 1 packets: 203.97.101.36(20480) ->202.218.93.8(161), : Oct 16 09:40:30
> 1 packets: 203.97.101.36(20480) ->202.218.93.9(161), : Oct 16 09:40:30
> 1 packets: 209.46.83.2(61258) ->202.218.93.3(161), : Oct 20 18:59:45
> 1 packets: 209.46.83.2(62408) ->202.218.93.4(161), : Oct 20 19:45:04
> 1 packets: 209.46.83.2(63008) ->202.218.93.2(161), : Oct 20 18:14:08
>
>
>Does anyone know what this probe is?

It looks like an SNMP query. Most likely, there are people in the US and
New Zealand who were wondering if you were running snmpd and if your
community string was public. I remember that Sun had a bug in their snmpd
about a year ago but I'm not sure if it is related.
-- Joe
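
An added example, not part of the original messages: a Python summary of the log format quoted above that groups UDP 161 probes by source, so a sweep across several DMZ hosts stands out. The function names, the `min_targets` threshold and the year 1999 (taken from the message date, since the log lines carry no year) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the quoted post (quote markers stripped).
SAMPLE_LOG = """\
 1 packets: 203.97.101.36(20480) ->202.218.93.62(161), : Oct 16 09:40:23
 1 packets: 203.97.101.36(20480) ->202.218.93.7(161), : Oct 16 09:40:30
 1 packets: 203.97.101.36(20480) ->202.218.93.8(161), : Oct 16 09:40:30
 1 packets: 203.97.101.36(20480) ->202.218.93.9(161), : Oct 16 09:40:30
 1 packets: 209.46.83.2(61258) ->202.218.93.3(161), : Oct 20 18:59:45
 1 packets: 209.46.83.2(62408) ->202.218.93.4(161), : Oct 20 19:45:04
 1 packets: 209.46.83.2(63008) ->202.218.93.2(161), : Oct 20 18:14:08
"""

LINE_RE = re.compile(
    r"(\d+) packets: (\S+?)\((\d+)\) ->(\S+?)\((\d+)\), : (\w{3} +\d+ [\d:]+)"
)

def parse(log, year=1999):
    """Yield (src, sport, dst, dport, when) for each line in the quoted format."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # blank or unrelated line
        _, src, sport, dst, dport, ts = m.groups()
        # The log has no year; supply the assumed one so parsing is unambiguous.
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        yield src, int(sport), dst, int(dport), when

def snmp_sweeps(log, port=161, min_targets=3):
    """Summarise sources that probed `port` on at least `min_targets` hosts."""
    seen = defaultdict(lambda: {"targets": set(), "sports": set(), "times": []})
    for src, sport, dst, dport, when in parse(log):
        if dport != port:
            continue
        seen[src]["targets"].add(dst)
        seen[src]["sports"].add(sport)
        seen[src]["times"].append(when)
    return {
        src: {
            "targets": sorted(s["targets"]),
            "fixed_source_port": len(s["sports"]) == 1,
            "first": min(s["times"]),
            "last": max(s["times"]),
        }
        for src, s in seen.items() if len(s["targets"]) >= min_targets
    }
```
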