Security Incidents mailing list archives

Re: UDP to 161


From: ryan () SECURITYFOCUS COM (Ryan Russell)
Date: Tue, 15 Feb 2000 07:40:59 -0800


SNMP is a pretty safe bet.  I'm not aware of anyone writing a trojan to
use 161 yet, though there are several with user-definable ports.  SNMP
scans happen pretty frequently, both malicious and by accident.

                                        Ryan

On Thu, 10 Feb 2000, CL: Nelson, Jeff wrote:


Forgive me if this question is obvious or redundant. We have an established
pattern of attempts and denials at our company in two incidents from two
different IP addresses. Logs show this:

Jan 26 08:41:55 [Firewall_IP] %PIX-2-106006: Deny inbound UDP from
ForeignIP/1025 to OurEmailServer-Internal/161
Jan 26 08:41:56 [BorderRouter_IP] 1031822: %SEC-6-IPACCESSLOGP: list 110
permitted udp ForeignIP(1025) -> AnExternalOfOurs(161), 1 packet

Can I be sure that 161, in this instance, is still SNMP? The connection to
AnExternalOfOurs happens because it is outside our firewall. I figure
somebody is probing to find out information for future attempts.
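
An added example, not part of the original posts: one way to correlate the two log formats quoted above by source and list which destinations were actually reached on UDP/161. The first two sample lines are the quoted entries rejoined onto single lines, the third is constructed, and the function names are hypothetical. A destination port of 161 in a log line only suggests SNMP; the logs carry no payload to confirm it.

```python
import re
from collections import defaultdict

# Sample input: two lines from the post (unwrapped) plus one constructed non-SNMP line.
SAMPLE = """\
Jan 26 08:41:55 [Firewall_IP] %PIX-2-106006: Deny inbound UDP from ForeignIP/1025 to OurEmailServer-Internal/161
Jan 26 08:41:56 [BorderRouter_IP] 1031822: %SEC-6-IPACCESSLOGP: list 110 permitted udp ForeignIP(1025) -> AnExternalOfOurs(161), 1 packet
Jan 26 09:02:10 [Firewall_IP] %PIX-2-106006: Deny inbound UDP from OtherIP/53 to OurDNS-Internal/53
"""

PIX_DENY = re.compile(
    r"%PIX-2-106006: Deny inbound UDP from "
    r"(?P<src>[^\s/]+)/(?P<sport>\d+) to (?P<dst>[^\s/]+)/(?P<dport>\d+)")
IOS_ACL = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) udp "
    r"(?P<src>[^\s(]+)\((?P<sport>\d+)\) -> (?P<dst>[^\s(]+)\((?P<dport>\d+)\)")

def parse(line):
    """Return a normalized record for a UDP log line, or None if unrecognized."""
    m = PIX_DENY.search(line)
    if m:
        # 106006 is always a deny, so the action is implied by the message ID.
        return {**m.groupdict(), "action": "denied", "device": "pix"}
    m = IOS_ACL.search(line)
    if m:
        return {**m.groupdict(), "device": "ios"}
    return None

def snmp_targets_by_source(lines, port=161):
    """Map each source to the sorted (destination, action) pairs it tried on `port`."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec and int(rec["dport"]) == port:
            hits[rec["src"]].add((rec["dst"], rec["action"]))
    return {src: sorted(pairs) for src, pairs in hits.items()}

def permitted(report):
    """Destinations where a packet to the port was let through by some device."""
    return sorted({dst for pairs in report.values()
                   for dst, action in pairs if action == "permitted"})

if __name__ == "__main__":
    report = snmp_targets_by_source(SAMPLE.splitlines())
    for src, pairs in report.items():
        print(src, pairs)
    print("reached on 161:", permitted(report))
```

The hosts returned by `permitted()` are the ones to check for a listening SNMP agent and default community strings, since the router ACL let the probe through to them.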


