Security Incidents mailing list archives
Re: Odd snmp scans from 10.0.0.0/8 address ???
From: xm () GEEKMAFIA DYNIP COM (Ex Machina)
Date: Thu, 27 Apr 2000 16:46:01 -0400
Interestingly enough, I've noticed that a LOT of large isps use 10.* for routers/stuff within their network. It is one of the reasons that you'll see random hops missing in traceroutes. Ex Machina (xm () geekmafia dynip com) http://geekmafia.dynip.com/~xm/ phone: 1-877-LPT-WHIP icq: 3387005 aim: ExMachina GnuPG Keyprint: 0627 C3A8 DE25 F7FB 46BD 4870 2006 CF7F EBDA 949D On Thu, 27 Apr 2000, Wes Hardaker wrote:
Date: Thu, 27 Apr 2000 07:55:28 -0700 From: Wes Hardaker <wjhardaker () UCDAVIS EDU> To: INCIDENTS () SECURITYFOCUS COM Subject: Re: Odd snmp scans from 10.0.0.0/8 address ???On Wed, 26 Apr 2000 17:06:50 +1200, Russell Fulton <r.fulton () AUCKLAND AC NZ> said:Russell> A few days ago we saw a series of scans that varied the 3rd Russell> octect of the IP address (see argus logs below). These scans Russell> appeared to be part of a much wider scan perhaps all of 130/8 Russell> as the scans repeated every couple of hours with a new final Russell> octet. But if they're coming from the 10.x.x.x block, then they are quite possibly coming from internally to your site since no one should be routing those packets through the net in the first place. It's probably someone at your site running network management software thats doing a map of the network. -- Wes Hardaker Distributed Computing Analysis and Support University of California at Davis
Current thread:
- Re: Odd snmp scans from 10.0.0.0/8 address ??? Wes Hardaker (Apr 27)
- Re: Odd snmp scans from 10.0.0.0/8 address ??? Ex Machina (Apr 27)