Security Incidents mailing list archives
UDP to 161
From: JNelson () CMCCONTROLS COM (CL: Nelson, Jeff)
Date: Thu, 10 Feb 2000 15:52:44 -0500
Good day, Forgive me if this question is obvious or redundant. We have an established pattern of attempts and denials at our company in two incidents from two different IP addresses. Logs show this: Jan 26 08:41:55 [Firewall_IP] %PIX-2-106006: Deny inbound UDP from ForeignIP/1025 to OurEmailServer-Internal/161 Jan 26 08:41:56 [BorderRouter_IP] 1031822: %SEC-6-IPACCESSLOGP: list 110 permitted udp ForeignIP(1025) -> AnExternalOfOurs(161), 1 packet Can I be sure that 161, in this instance, is still SNMP? The connection to AnExternalOfOurs happens because it is outside our firewall. I figure somebody is probing to find out information for future attempts. Cheers, Jeff :::::::: Jeffrey L. Nelson Network Manager Cleveland Motion Controls
Current thread:
- SSH2 Exploit?, (continued)
- SSH2 Exploit? Jonathan A. Zdziarski (Feb 09)
- Re: SSH2 Exploit? Alexander Kiwerski (Feb 10)
- Re: SSH2 Exploit? Richard Trott (Feb 10)
- Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
- Re: SSH2 Exploit? Jonathan A. Zdziarski (Feb 11)
- Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
- Re: SSH2 Exploit? Mike Tancsa (Feb 15)
- Re: SSH2 Exploit? //Stany (Feb 16)
- Re: SSH2 Exploit? sysadmin (Feb 16)
- AdForce hitting odd ports Rick Tortorella (Feb 11)
- UDP to 161 CL: Nelson, Jeff (Feb 10)
- Re: UDP to 161 Pavel Kankovsky (Feb 15)
- Re: UDP to 161 Ryan Russell (Feb 15)
- Re: UDP to 161 CyberPsychotic (Feb 16)
- Re: UDP to 161 Russell Fulton (Feb 15)
- Re: Private networks and home.{net|com} Andy Smith (Feb 09)
- massive unapproved AXFR's and odd rcvd NOTIFY's Paul Wouters (Feb 09)
- Re: massive unapproved AXFR's and odd rcvd NOTIFY's Francis A. Vidal (Feb 09)
- [UPDATE]Dos Trojan on Solaris Roderick Padilla (Feb 09)
- Re: [UPDATE]Dos Trojan on Solaris Ross Mueller (Feb 09)
- a very strange scan Boris Badenov (Feb 09)