Security Incidents mailing list archives

Re: UDP to 161

From: fygrave () EPR0 ORG (CyberPsychotic)
Date: Thu, 17 Feb 2000 08:39:02 +0500


~:SNMP is a pretty safe bet.  I'm not aware of anyone writing a trojan to
~:use 161 yet, though there are several with user definable ports.  SNMP
~:scans happen pretty frequently, both malicious and on accident.

 True indeed. We had a flow of SNMP packets from some Moscow ISP. The
funny thing was that it was caused by some sick network printer which was
constantly dropping a few bits to zero in the IP address while talking to
its monitoring workstation (and was hitting our nameserver instead) :).

Current thread:

Re: SSH2 Exploit?, (continued)
- - - Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
    - Re: SSH2 Exploit? Jonathan A. Zdziarski (Feb 11)
    - Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
    - Re: SSH2 Exploit? Mike Tancsa (Feb 15)
    - Re: SSH2 Exploit? //Stany (Feb 16)
    - Re: SSH2 Exploit? sysadmin (Feb 16)
    - AdForce hitting odd ports Rick Tortorella (Feb 11)
    - UDP to 161 CL: Nelson, Jeff (Feb 10)
    - Re: UDP to 161 Pavel Kankovsky (Feb 15)
    - Re: UDP to 161 Ryan Russell (Feb 15)
    - Re: UDP to 161 CyberPsychotic (Feb 16)
    - Re: UDP to 161 Russell Fulton (Feb 15)
    - Re: Private networks and home.{net|com} Andy Smith (Feb 09)
    - massive unapproved AXFR's and odd rcvd NOTIFY's Paul Wouters (Feb 09)
    - Re: massive unapproved AXFR's and odd rcvd NOTIFY's Francis A. Vidal (Feb 09)
    - [UPDATE]Dos Trojan on Solaris Roderick Padilla (Feb 09)
    - Re: [UPDATE]Dos Trojan on Solaris Ross Mueller (Feb 09)
    - a very strange scan Boris Badenov (Feb 09)
    - Re: a very strange scan Russell Fulton (Feb 10)
    - Possible stacheldraht variant/probe Stephen P. Berry (Feb 09)
    - Re: Possible stacheldraht variant/probe David Brumley (Feb 10)

(Thread continues...)