Security Incidents mailing list archives

Re: Slow SNMP scan...


From: Jim Watt <wattjg () appliedbiosystems com>
Date: Fri, 15 Feb 2002 18:55:44 -0800

We had one that started on 10 February at 1524 PST and didn't end
until 2055 PST on 13 February:

First two:

Feb 10 15:24:03   195.77.170.25(2079) -> 192.52.153.1(161)
Feb 10 15:45:08   195.77.170.25(2079) -> 192.52.153.2(161)

Last two:

Feb 13 20:55:39   195.77.170.25(2079) -> 192.52.153.240(161)
Feb 13 21:14:56   195.77.170.25(2079) -> 192.52.153.241(161)

There was a fairly constant twentyish-minute delay between each one.
The source address is in a netblock in Spain, according to RIPE's
whois:

inetnum:      195.77.170.24 - 195.77.170.31
netname:      coperfil
descr:        COPERFIL GROUP S.A.
descr:        Internet Public Adresses
country:      ES

Jim
--
Jim Watt                               wattjg () appliedbiosystems com
Applied Biosystems                     Voice (desk): +1 408 577 2228
3833 North First Street                Fax:          +1 408 894 9307
San Jose CA 95134-1701                 Voice (main): +1 408 577 2200


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
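
Added example (not part of the original post or of any tool it mentions): a detector for the pattern reported above, one source walking a subnet on a single destination port with gaps far longer than a burst-style port-scan threshold watches. The year 2002, the thresholds, the function names and the three 198.51.100.7 log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

LINE = re.compile(r"(\w{3}\s+\d+\s+[\d:]{8})\s+([\d.]+)\(\d+\)\s+->\s+([\d.]+)\((\d+)\)$")

# First four lines are quoted from the post; the last three are constructed
# (a monitoring host polling one device) as a benign contrast.
SAMPLE = """\
Feb 10 15:24:03   195.77.170.25(2079) -> 192.52.153.1(161)
Feb 10 15:45:08   195.77.170.25(2079) -> 192.52.153.2(161)
Feb 13 20:55:39   195.77.170.25(2079) -> 192.52.153.240(161)
Feb 13 21:14:56   195.77.170.25(2079) -> 192.52.153.241(161)
Feb 11 09:00:00   198.51.100.7(40001) -> 192.52.153.10(161)
Feb 11 09:05:00   198.51.100.7(40002) -> 192.52.153.10(161)
Feb 11 09:10:00   198.51.100.7(40003) -> 192.52.153.10(161)
"""

def parse(text, year=2002):
    """Yield (time, src, dst, dport). The log carries no year, so one is assumed."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3), int(m.group(4))

def burst_peak(events, window):
    """Most distinct destinations seen in any window of the given length."""
    return max(len({d for t, d in events[i:] if t - start <= window})
               for i, (start, _) in enumerate(events))

def slow_scans(text, min_hosts=4, window=timedelta(minutes=5), burst_hosts=3):
    """Flag (src, dport) pairs that reach many hosts without tripping a burst rule."""
    by_key = defaultdict(list)
    for ts, src, dst, dport in parse(text):
        by_key[(src, dport)].append((ts, dst))
    findings = {}
    for key, events in by_key.items():
        events.sort()
        hosts = {dst for _, dst in events}
        peak = burst_peak(events, window)
        if len(hosts) >= min_hosts and peak < burst_hosts:
            # Median gap ignores the one long jump left by the excerpt's missing lines.
            gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
            findings[key] = {"hosts": len(hosts), "burst_peak": peak,
                             "span": events[-1][0] - events[0][0],
                             "median_gap_s": median(gaps) if gaps else None}
    return findings

print(slow_scans(SAMPLE))
```

On the sample, the only finding is 195.77.170.25 on port 161, with a median gap of 1265 seconds between probes; the poller that revisits one host is not flagged.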

