Security Incidents mailing list archives
Re: UDP to 161
From: ryan () SECURITYFOCUS COM (Ryan Russell)
Date: Tue, 15 Feb 2000 07:40:59 -0800
SNMP is a pretty safe bet. I'm not aware of anyone writing a trojan to use 161 yet, though there are several with user definable ports. SNMP scans happen pretty frequently, both malicious and on accident. Ryan On Thu, 10 Feb 2000, CL: Nelson, Jeff wrote:
Forgive me if this question is obvious or redundant. We have an established pattern of attempts and denials at our company in two incidents from two different IP addresses. Logs show this: Jan 26 08:41:55 [Firewall_IP] %PIX-2-106006: Deny inbound UDP from ForeignIP/1025 to OurEmailServer-Internal/161 Jan 26 08:41:56 [BorderRouter_IP] 1031822: %SEC-6-IPACCESSLOGP: list 110 permitted udp ForeignIP(1025) -> AnExternalOfOurs(161), 1 packet Can I be sure that 161, in this instance, is still SNMP? The connection to AnExternalOfOurs happens because it is outside our firewall. I figure somebody is probing to find out information for future attempts.
Current thread:
- Re: SSH2 Exploit?, (continued)
- Re: SSH2 Exploit? Richard Trott (Feb 10)
- Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
- Re: SSH2 Exploit? Jonathan A. Zdziarski (Feb 11)
- Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
- Re: SSH2 Exploit? Mike Tancsa (Feb 15)
- Re: SSH2 Exploit? //Stany (Feb 16)
- Re: SSH2 Exploit? sysadmin (Feb 16)
- AdForce hitting odd ports Rick Tortorella (Feb 11)
- UDP to 161 CL: Nelson, Jeff (Feb 10)
- Re: UDP to 161 Pavel Kankovsky (Feb 15)
- Re: UDP to 161 Ryan Russell (Feb 15)
- Re: UDP to 161 CyberPsychotic (Feb 16)
- Re: UDP to 161 Russell Fulton (Feb 15)
- Re: Private networks and home.{net|com} Andy Smith (Feb 09)
- massive unapproved AXFR's and odd rcvd NOTIFY's Paul Wouters (Feb 09)
- Re: massive unapproved AXFR's and odd rcvd NOTIFY's Francis A. Vidal (Feb 09)
- [UPDATE]Dos Trojan on Solaris Roderick Padilla (Feb 09)
- Re: [UPDATE]Dos Trojan on Solaris Ross Mueller (Feb 09)
- a very strange scan Boris Badenov (Feb 09)
- Re: a very strange scan Russell Fulton (Feb 10)
- Possible stacheldraht variant/probe Stephen P. Berry (Feb 09)