Security Incidents mailing list archives
Re: Odd snmp scans from 10.0.0.0/8 address ???
From: wjhardaker () UCDAVIS EDU (Wes Hardaker)
Date: Thu, 27 Apr 2000 07:55:28 -0700
On Wed, 26 Apr 2000 17:06:50 +1200, Russell Fulton <r.fulton () AUCKLAND AC NZ> said:
Russell> A few days ago we saw a series of scans that varied the 3rd Russell> octect of the IP address (see argus logs below). These scans Russell> appeared to be part of a much wider scan perhaps all of 130/8 Russell> as the scans repeated every couple of hours with a new final Russell> octet. But if they're coming from the 10.x.x.x block, then they are quite possibly coming from internally to your site since no one should be routing those packets through the net in the first place. It's probably someone at your site running network management software thats doing a map of the network. -- Wes Hardaker Distributed Computing Analysis and Support University of California at Davis
Current thread:
- Re: Odd snmp scans from 10.0.0.0/8 address ??? Wes Hardaker (Apr 27)
- Re: Odd snmp scans from 10.0.0.0/8 address ??? Ex Machina (Apr 27)