Security Incidents mailing list archives
Re: Slow SNMP scan...
From: Jim Watt <wattjg () appliedbiosystems com>
Date: Fri, 15 Feb 2002 18:55:44 -0800
We had one that started on 10 February at 1524 PST and didn't end until 2055 PST on 13 February: First two: Feb 10 15:24:03 195.77.170.25(2079) -> 192.52.153.1(161) Feb 10 15:45:08 195.77.170.25(2079) -> 192.52.153.2(161) Last two: Feb 13 20:55:39 195.77.170.25(2079) -> 192.52.153.240(161) Feb 13 21:14:56 195.77.170.25(2079) -> 192.52.153.241(161) There was a fairly constant twentyish-minute delay between each one. The source address is in a netblock in Spain, according to RIPE's whois: inetnum: 195.77.170.24 - 195.77.170.31 netname: coperfil descr: COPERFIL GROUP S.A. descr: Internet Public Adresses country: ES Jim -- Jim Watt wattjg () appliedbiosystems com Applied Biosystems Voice (desk): +1 408 577 2228 3833 North First Street Fax: +1 408 894 9307 San Jose CA 95134-1701 Voice (main): +1 408 577 2200 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Slow SNMP scan... Jay Quinby (Feb 15)
- Re: Slow SNMP scan... Jim Watt (Feb 16)
- Re: Slow SNMP scan... Borja Marcos (Feb 18)
- Re: Slow SNMP scan... Russell Fulton (Feb 20)
- Re: Slow SNMP scan... Borja Marcos (Feb 18)
- Re: Slow SNMP scan... Jim Watt (Feb 18)
- DoS attack Jason Robertson (Feb 18)
- Re: Slow SNMP scan... Borja Marcos (Feb 18)
- Re: Slow SNMP scan... Jim Watt (Feb 16)