It's an SNMP scan... if I can get to your SNMPD I can find out all kinds
of goodies.. in fact I will probably know more about what is happening on
your machine than you do. If I can gets the "write" community string I
can take control of the box.
Carric Dooley CNE
COM2:Interactive Media
http://www.com2usa.com
"In theory, there is no difference between theory
and practice. But, in practice, there is. "
- Jan L.A. van de Snepscheut
Do your part for "Jam Echelon Day"!!
These are some of the key words (ref.
http://www.attrition.org/attrition/keywords.html):
Waihopai, INFOSEC, Information Security, Information Warfare, IW, IS,
Priavacy, Information Terrorism, Terrorism Defensive Information, Defense
Information Warfare, Offensive Information, Offensive Information Warfare,
National Information Infrastructure, InfoSec, Reno, Compsec, Computer
Terrorism, Firewalls, Secure Internet Connections, ISS, Passwords, DefCon V,
Hackers, Encryption, Espionage, USDOJ, NSA, CIA, S/Key, SSL, FBI, Secert
Service, USSS, Defcon, Military, White House, Undercover, NCCS, Mayfly, PGP,
PEM, RSA, Perl-RSA, MSNBC, bet, AOL, AOL TOS, CIS, CBOT, AIMSX, STARLAN,
3B2, BITNET, COSMOS, DATTA, E911, FCIC, HTCIA, IACIS, UT/RUS, JANET, JICC,
ReMOB, LEETAC, UTU, VNET, BRLO, BZ, CANSLO, CBNRC, CIDA, JAVA, Active X,
Compsec 97, LLC, DERA, Mavricks, Meta-hackers, ^?
On Thu, 21 Oct 1999, Chiaki Ishikawa wrote:
> X-PMC-CI-e-mail-id: 11593
>
> I guess one of these days it is getting harder to keep track of what
> each port scan is doing.
> But, here it goes.
>
> Over the last few days, our DMZ hosts were scanned for UDP port 161 from multiple
>sites..
> My guess is some kind of trojan or something.
>
> Here it goes. Only a portion of the probe is listed.
>
> 1 packets: 203.97.101.36(20480) ->202.218.93.62(161), : Oct 16 09:40:23
> 1 packets: 203.97.101.36(20480) ->202.218.93.7(161), : Oct 16 09:40:30
> 1 packets: 203.97.101.36(20480) ->202.218.93.8(161), : Oct 16 09:40:30
> 1 packets: 203.97.101.36(20480) ->202.218.93.9(161), : Oct 16 09:40:30
> 1 packets: 209.46.83.2(61258) ->202.218.93.3(161), : Oct 20 18:59:45
> 1 packets: 209.46.83.2(62408) ->202.218.93.4(161), : Oct 20 19:45:04
> 1 packets: 209.46.83.2(63008) ->202.218.93.2(161), : Oct 20 18:14:08
>
>
> Does anyone know what this probe is?
>
> I might just want to label such port for potential known trojan name
> in our log summary.
>
> --
> Ishikawa, Chiaki [EMAIL PROTECTED] or
> (family name, given name) [EMAIL PROTECTED]
> Personal Media Corp. ** Remove .NoSpam at the end before use **
> Shinagawa, Tokyo, Japan 142-0051
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
