Security Incidents mailing list archives
Re: RE: SNMP worm?
From: hein () blubber com
Date: 27 Oct 2005 13:15:21 -0000
Are you lot sure that this SNMP traffic really originates from your networks? SNMP can easily be spoofed. So far we noticed nothing in our logs and the only scans come from myself. I would rather guess that a script kiddie is on the lose again and tries to play with SNMP. Well it can be rather fun to scan for SNMP. The amount of open devices one can find is scarey, not to talk about community names like public, private and ILMI. I would have a look at the community strings used to see if its a scan or if somebody tries a Dictionary attack. The best option is however to implement access lists accordingly and use very strong Community names.
Current thread:
- RE: SNMP worm? Robert MacDonald (Oct 26)
- RE: SNMP worm? Frank Knobbe (Oct 27)
- RE: SNMP worm? David Gillett (Oct 27)
- <Possible follow-ups>
- Re: RE: SNMP worm? hein (Oct 27)