Security Incidents mailing list archives

RE: SNMP worm?


From: Frank Knobbe <frank () knobbe us>
Date: Thu, 27 Oct 2005 03:07:01 -0500

On Wed, 2005-10-26 at 21:52 -0400, Robert MacDonald wrote:
> None here (yet). Possibly a contractor or vendor showing off network
> solution-wares? Does it appear to be polling sequentially or
> randomly? Is it looking through particular subnets? Is it possibly a
> new printer(s) that have been plugged in or gone wild?

Another possibility is a misconfigured network management station. I
remember one incident in the past where a certain subnet got routinely
scanned from one particular box, which was named like
"netmon.noc.company.com". We notified the contact of that domain and
kept an eye on it. Eventually the flood stopped, so perhaps someone
noticed that a netmask was entered wrong :)

What was that saying about not attributing malice to something that can
be explained with stupidity? :)

Cheers,
Frank
