Re: Tracking down IP's

2001-01-03 Thread Nate Duehr
Looks like HP OpenView or some other network management tool with auto-discovery turned on is wasting bandwidth on your corporate network. (And I say that because...) 161 is SNMP's port number. It's happening at regular intervals. 172.16.0.0/20 is private address space reserved IP's. And...
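The checks the replies in this thread make by hand (161 is SNMP, 172.16.0.0/12 is RFC 1918 space that should never cross a network boundary, and the hits arrive at a fixed interval, which points at a polling tool rather than a person) as a small parser for ipchains "Packet log:" lines. This is an added example, not code from the thread or from any poster. It assumes the Linux 2.2 ipchains log layout shown in the posts; the sample lines are constructed, with the documentation address 192.0.2.10 standing in for the source the original poster masked as xx.xx.xxx.xx, plus the ICMP line quoted later in the thread.

```python
"""Parse ipchains "Packet log:" entries and flag what this thread discusses:
SNMP as the destination service, RFC 1918 addresses crossing a boundary, and
a constant repeat interval per flow.  Added example, not from the thread.
Assumes the Linux 2.2 ipchains layout; SAMPLE_LINES below are constructed."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# ipchains layout: "Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport>
# <dst>:<dport> L=<len> S=<tos> I=<ipid> F=<frag> T=<ttl> (#<rule>)".
# For PROTO=1 (ICMP) the two "port" fields are actually the ICMP type and code.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: Packet log: "
    r"(?P<chain>\w+) (?P<target>\w+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=0x(?P<tos>[0-9a-fA-F]+) I=(?P<ipid>\d+) F=0x(?P<frag>[0-9a-fA-F]*) "
    r"T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)$"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
SERVICE_NAMES = {53: "dns", 123: "ntp", 161: "snmp", 162: "snmp-trap"}
# RFC 1918 is exactly these three blocks.  172.16.0.0/12 covers 172.16-172.31 only,
# so 172.156.x.x is NOT private.  ipaddress.is_private is deliberately not used:
# it also returns True for documentation and benchmark ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """'rfc1918', 'multicast', 'loopback', 'other', or 'masked' for xx.xx.xxx.xx."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "masked"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip.is_multicast:
        return "multicast"
    if ip.is_loopback:
        return "loopback"
    return "other"


def parse_line(line):
    """Return a dict for one ipchains log line, or None if the line is not one."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    proto = int(d["proto"])
    rec = {
        # syslog carries no year; strptime fills in 1900, which is fine for gaps.
        "time": datetime.strptime(d["ts"], "%b %d %H:%M:%S"),
        "host": d["host"], "chain": d["chain"], "target": d["target"],
        "iface": d["iface"], "proto": proto, "proto_name": PROTO_NAMES.get(proto, str(proto)),
        "src": d["src"], "dst": d["dst"],
        "src_class": classify(d["src"]), "dst_class": classify(d["dst"]),
        "ttl": int(d["ttl"]), "rule": int(d["rule"]),
    }
    if proto == 1:
        rec["icmp_type"], rec["icmp_code"] = int(d["sport"]), int(d["dport"])
        rec["sport"] = rec["dport"] = rec["service"] = None
    else:
        rec["sport"], rec["dport"] = int(d["sport"]), int(d["dport"])
        rec["service"] = SERVICE_NAMES.get(rec["dport"])
    return rec


def flag(rec):
    """Reasons to look at this entry.  Assumes the logged interface is the border."""
    reasons = []
    if "rfc1918" in (rec["src_class"], rec["dst_class"]):
        reasons.append("RFC 1918 address crossing a network boundary")
    if rec["dst_class"] == "multicast":
        reasons.append("multicast destination: link-local chatter, not a remote host")
    if rec["service"] in ("snmp", "snmp-trap"):
        reasons.append("SNMP: look for a management/auto-discovery tool, not a person")
    return reasons


def intervals(records):
    """Seconds between successive hits per (src, dst, dport); a constant gap means polling."""
    by_flow = defaultdict(list)
    for r in records:
        by_flow[(r["src"], r["dst"], r["dport"])].append(r["time"])
    out = {}
    for flow, times in by_flow.items():
        times.sort()
        out[flow] = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    return out


# Constructed sample: three SNMP rejects five minutes apart (192.0.2.10 stands in
# for the masked source), the ICMP line as posted in the thread, and a cron line.
SAMPLE_LINES = [
    "Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x T=127 (#43)",
    "Dec 31 11:11:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7701 F=0x T=127 (#43)",
    "Dec 31 11:16:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7788 F=0x T=127 (#43)",
    "Jan  2 01:18:48 server kernel: Packet log: input DENY eth0 PROTO=1 172.156.51.114:10 224.0.0.2:0 L=28 S=0x00 I=8964 F=0x T=128 (#9)",
    "Dec 31 11:07:01 tower CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)",
]


def analyse(lines):
    """Parse every line, flag each record, and compute per-flow gaps."""
    recs = [r for r in map(parse_line, lines) if r]
    return recs, {i: flag(r) for i, r in enumerate(recs)}, intervals(recs)


if __name__ == "__main__":
    recs, flags, gaps = analyse(SAMPLE_LINES)
    for i, r in enumerate(recs):
        what = r["service"] if r["proto"] != 1 else "icmp type %d" % r["icmp_type"]
        print(r["time"].strftime("%b %d %H:%M:%S"), r["chain"], r["target"], r["proto_name"],
              r["src"], "->", r["dst"], what, flags[i])
    for flow, g in gaps.items():
        print(flow, "gaps (s):", g)
```

Run as is it prints each entry with its flags and the gaps per flow; the three SNMP rejects come out exactly 300 seconds apart, which is the "regular intervals" signature. Two details are worth noting. The RFC 1918 test is against 172.16.0.0/12 explicitly, so 172.156.51.114 correctly comes out as not private (and a /20 would cover only 172.16.0.0 to 172.16.15.255). And for PROTO=1 the two port fields are ICMP type and code, so 172.156.51.114:10 224.0.0.2:0 is a type 10 router solicitation to the all-routers group, not a probe of port 10.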

Re: Tracking down IP's

2001-01-03 Thread Nate Duehr
On Sun, Dec 31, 2000 at 02:30:25PM -0600, Richard Cobbe wrote: Either way, it's still a private IP address range. NOBODY should let packets with one of these addresses, either as source or destination, cross a network boundary. If the ISP is getting this traffic from its upstream provider, it

Re: Tracking down IP's

2001-01-02 Thread will trillich
On Sun, Dec 31, 2000 at 05:25:54PM -0600, Richard Cobbe wrote: JD Kitch [EMAIL PROTECTED] wrote: Can anyone tell me what this person is looking for here, and how I can find out where this is coming from? Security Violations =-=-=-=-=-=-=-=-=-= Dec 31 11:06:47 tower kernel: Packet

Re: Tracking down IP's

2001-01-02 Thread Nathan E Norman
On Tue, Jan 02, 2001 at 02:09:20AM -0600, will trillich wrote: i've got something quite similar to this, but mine's on INPUT-- Jan 2 01:18:48 server kernel: Packet log: input DENY eth0 PROTO=1 172.156.51.114:10 224.0.0.2:0 L=28 S=0x00 I=8964 F=0x T=128 (#9) Jan 2 01:18:51 server

Re: Tracking down IP's

2001-01-02 Thread Noah L. Meyerhans
On Sun, Dec 31, 2000 at 08:32:48PM -0600, Richard Cobbe wrote: Lo, on Sunday, December 31, JD Kitch did write: Now, find out *who's* sending this traffic. Make sure you've got the lsof-2.2 package installed. As root, run lsof | grep 61662 | grep -i udp I do have that

Re: Tracking down IP's

2001-01-02 Thread JD Kitch
On Sun, Dec 31, 2000 at 08:32:48PM -0600, Richard Cobbe wrote: Uh oh. And you're still getting these log messages? That's probably not good. It's possible that lsof could slip through the cracks, so to speak, but it's pretty unlikely. Just yesterday I got another machine connected to

Tracking down IP's

2000-12-31 Thread JD Kitch
Can anyone tell me what this person is looking for here, and how I can find out where this is coming from? Security Violations =-=-=-=-=-=-=-=-=-= Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x T=127 (#43)

Re: Tracking down IP's

2000-12-31 Thread ktb
On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote: Can anyone tell me what this person is looking for here, and how I can find out where this is coming from? Security Violations =-=-=-=-=-=-=-=-=-= Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17

Re: Tracking down IP's

2000-12-31 Thread Jeff Green
whois 172.16.72.113 IANA (IANA-BBLK-RESERVED) Internet Assigned Numbers Authority Information Sciences Institute University of Southern California 4676 Admiralty Way, Suite 330 Marina del Rey, CA 90292-6695 Netname: IANA-BBLK-RESERVED Netblock: 172.16.0.0 - 172.31.0.0 from

Re: Tracking down IP's

2000-12-31 Thread Richard Cobbe
Lo, on Sunday, December 31, JD Kitch did write: Can anyone tell me what this person is looking for here, and how I can find out where this is coming from? Security Violations =-=-=-=-=-=-=-=-=-= Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662

Re: Tracking down IP's

2000-12-31 Thread Robert Waldner
On Sun, 31 Dec 2000 12:16:59 MST, JD Kitch writes: Can anyone tell me what this person is looking for here, and how I can find out where this is coming from? port 161 is snmp, so it looks like someone's trying to get information about your machine (or something at your ISP or the like is

Re: Tracking down IP's

2000-12-31 Thread mikpolniak
On Sun, 31 Dec 2000 13:34:02 -0600, ktb said: On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote: Can anyone tell me what this person is looking for here, and how I can find out where this is coming from? Security Violations =-=-=-=-=-=-=-=-=-= Dec 31 11:06:47 tower

Re: Tracking down IP's

2000-12-31 Thread Pollywog
On Sun, 31 Dec 2000 13:55:26 -0600 (CST), Richard Cobbe said: Did you change your IP address in the above report? IIRC, 172.16.*.* is a block of private addresses. Packets to this address should be dropped automatically by an upstream router. My guess, therefore, is that these

Re: Tracking down IP's

2000-12-31 Thread Richard Cobbe
Lo, on Sunday, December 31, ktb did write: On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote: Security Violations =-=-=-=-=-=-=-=-=-= Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x T=127

Re: Tracking down IP's

2000-12-31 Thread Richard Cobbe
Lo, on Sunday, December 31, Pollywog did write: On Sun, 31 Dec 2000 13:55:26 -0600 (CST), Richard Cobbe said: Did you change your IP address in the above report? IIRC, 172.16.*.* is a block of private addresses. Packets to this address should be dropped automatically by an

Re: Tracking down IP's

2000-12-31 Thread Bob Bernstein
On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote: Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x T=127 (#43) I don't know what tool generated this log entry. This is a situation where a good IDS

Re: Tracking down IP's

2000-12-31 Thread kmself
on Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch ([EMAIL PROTECTED]) wrote: Can anyone tell me what this person is looking for here, and how I can find out where this is coming from? traceroute -- Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/ Evangelist, Zelerate,

Re: Tracking down IP's

2000-12-31 Thread Bob Bernstein
*** Retraction *** On Sun, Dec 31, 2000 at 03:36:13PM -0500, Bob Bernstein wrote: What I gather is that this could be a student at isi.edu, which is apparently part of the Univ. of California, File this message under: Big Dummy Posts We Wish We Never Made It's all brain-dead nonsense, based

Re: Tracking down IP's

2000-12-31 Thread Nathan E Norman
On Sun, Dec 31, 2000 at 03:36:13PM -0500, Bob Bernstein wrote: On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote: Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x T=127 (#43) I don't know

Re: Tracking down IP's

2000-12-31 Thread Richard Cobbe
JD Kitch [EMAIL PROTECTED] wrote: Can anyone tell me what this person is looking for here, and how I can find out where this is coming from? Security Violations =-=-=-=-=-=-=-=-=-= Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161

Re: Tracking down IP's

2000-12-31 Thread JD Kitch
On Sun, Dec 31, 2000 at 04:18:30PM -0600, Richard Cobbe wrote: JD Kitch [EMAIL PROTECTED] wrote: Security Violations =-=-=-=-=-=-=-=-=-= Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x T=127 (#43)

Re: Tracking down IP's

2000-12-31 Thread Pollywog
On Sun, 31 Dec 2000 17:17:46 -0700, JD Kitch said: Now, find out *who's* sending this traffic. Make sure you've got the lsof-2.2 package installed. As root, run lsof | grep 61662 | grep -i udp I do have that package, but this command turned up no output. You did this as

Re: Tracking down IP's

2000-12-31 Thread John Galt
You are forbidden from posting for the rest of the millennium. Since it's 6pm MST on the eve of the millennium, this shouldn't be too hard :) On Sun, 31 Dec 2000, Bob Bernstein wrote: *** Retraction *** On Sun, Dec 31, 2000 at 03:36:13PM -0500, Bob Bernstein wrote: What I gather is

Re: Tracking down IP's

2000-12-31 Thread Bob Bernstein
On Sun, Dec 31, 2000 at 06:20:50PM -0700, John Galt wrote: You are forbidden from posting for the rest of the millenium. Since it's 6pm MST on the eve of the millennium, this shouldn't be too hard :) Punishment accepted. See youse all next year! -- Bob Bernstein at Esmond, Rhode Island,

Re: Tracking down IP's

2000-12-31 Thread Richard Cobbe
Lo, on Sunday, December 31, JD Kitch did write: Now, find out *who's* sending this traffic. Make sure you've got the lsof-2.2 package installed. As root, run lsof | grep 61662 | grep -i udp I do have that package, but this command turned up no output. Uh oh. And you're still