Security Incidents mailing list archives

Re: Slow SNMP scan...


From: Jim Watt <wattjg () appliedbiosystems com>
Date: Mon, 18 Feb 2002 08:36:16 -0800 (PST)

On Mon, 18 Feb 2002, Borja Marcos wrote:

} On Monday 18 February 2002 10:35, Borja Marcos wrote:
} > > Feb 13 20:55:39   195.77.170.25(2079) -> 192.52.153.240(161)
} > > Feb 13 21:14:56   195.77.170.25(2079) -> 192.52.153.241(161)
} > (...)
} >     I will get back to the list with the result
}
}       Confirmed. They have stopped the JetAdmin program and I have not detected
} further SNMP probes. It was a misconfigured discovery feature.

Thank you!  JetAdmin has plagued our internal networks (a /16 net) in the past.

The last packet in the second scan was observed early this morning:

Feb 18 02:01:18 195.77.170.25(4702) -> 192.52.153.33(161)

None since then, I'm happy to report.

}       BTW, before someone blames us... they are not our customers. I have phoned
} them because I have detected the activity and a slow scan seems to be hostile.

I greatly appreciate your effort.  We're watching SNMP traffic very closely
right now.

Jim
-- 
Jim Watt                               wattjg () appliedbiosystems com
Applied Biosystems                     Voice (desk): +1 408 577 2228
3833 North First Street                Fax:          +1 408 894 9307
San Jose CA 95134-1701                 Voice (main): +1 408 577 2200


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
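
An added example, not part of the original message: a small detector for the slow SNMP sweep pattern discussed in this thread, run over log lines in the format quoted above. The thresholds, the function names, and the sample lines from 192.0.2.10 and 198.51.100.7 are assumptions constructed for illustration; the year 2002 is taken from the message's Date header because the log lines carry none.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log format quoted in the thread: "Feb 13 20:55:39   src(sport) -> dst(dport)"
LINE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d)\s+([\d.]+)\(\d+\)\s*->\s*([\d.]+)\((\d+)\)")

# The first three lines come from the thread; the rest are constructed:
# a poller hitting one device, and a fast sweep a rate-based rule would catch.
SAMPLE = """\
Feb 13 20:55:39   195.77.170.25(2079) -> 192.52.153.240(161)
Feb 13 21:14:56   195.77.170.25(2079) -> 192.52.153.241(161)
Feb 18 02:01:18 195.77.170.25(4702) -> 192.52.153.33(161)
Feb 14 09:00:00 192.0.2.10(1025) -> 192.52.153.5(161)
Feb 14 09:05:00 192.0.2.10(1025) -> 192.52.153.5(161)
Feb 14 09:10:00 192.0.2.10(1025) -> 192.52.153.5(161)
Feb 15 03:00:01 198.51.100.7(4000) -> 192.52.153.1(161)
Feb 15 03:00:02 198.51.100.7(4000) -> 192.52.153.2(161)
Feb 15 03:00:03 198.51.100.7(4000) -> 192.52.153.3(161)
Feb 15 03:00:04 198.51.100.7(4000) -> 192.52.153.4(161)
""".splitlines()

def parse(line, year=2002):
    """Return (timestamp, src, dst, dport), or None if the line does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3), int(m.group(4))

def slow_snmp_scanners(lines, min_targets=3, min_gap=timedelta(minutes=5)):
    """Flag sources that reach many distinct hosts on port 161, slowly."""
    first_seen = defaultdict(dict)          # src -> {dst: first time seen}
    for rec in filter(None, map(parse, lines)):
        ts, src, dst, dport = rec
        if dport == 161:
            first_seen[src].setdefault(dst, ts)
    flagged = {}
    for src, targets in first_seen.items():
        times = sorted(targets.values())
        if len(times) < min_targets:
            continue                        # e.g. a poller talking to one device
        gaps = sorted(b - a for a, b in zip(times, times[1:]))
        if gaps[len(gaps) // 2] >= min_gap:  # typical gap between new targets
            flagged[src] = (len(times), times[-1] - times[0])
    return flagged

if __name__ == "__main__":
    for src, (count, span) in slow_snmp_scanners(SAMPLE).items():
        print(f"{src}: {count} distinct SNMP targets over {span}")
```

Counting distinct destinations per source over days, rather than packets per minute, is what lets this catch a sweep that stays under a rate threshold; a misconfigured discovery tool and a hostile slow scan look the same at this level and still need the follow-up described in the thread.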

