Re: Odd snmp scans from 10.0.0.0/8 address ???

[wjhardaker () UCDAVIS EDU (Wes Hardaker)]

> > > > > On Wed, 26 Apr 2000 17:06:50 +1200, Russell Fulton <r.fulton () AUCKLAND AC NZ> said:

Russell> A few days ago we saw a series of scans that varied the 3rd
Russell> octect of the IP address (see argus logs below).  These scans
Russell> appeared to be part of a much wider scan perhaps all of 130/8
Russell> as the scans repeated every couple of hours with a new final
Russell> octet.

But if they're coming from the 10.x.x.x block, then they are quite
possibly coming from internally to your site since no one should be
routing those packets through the net in the first place.

It's probably someone at your site running network management software
thats doing a map of the network.

--
Wes Hardaker
Distributed Computing Analysis and Support
University of California at Davis