Security Incidents mailing list archives
RE: SNMP worm?
From: "David Gutierrez" <davegu1 () hotmail com>
Date: Wed, 26 Oct 2005 17:29:08 -0500
David,We have also started to noticed lot of activity in our unix servers. So far no comment from the vendors.
David From: "David Gillett" <gillettdavid () fhda edu> Reply-To: <gillettdavid () fhda edu> To: <incidents () securityfocus com> Subject: SNMP worm? Date: Wed, 26 Oct 2005 13:56:38 -0700 MIME-Version: 1.0Received: from outgoing.securityfocus.com ([205.206.231.26]) by MC8-F19.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Wed, 26 Oct 2005 15:24:39 -0700 Received: from outgoing.securityfocus.com by outgoing.securityfocus.com via smtpd (for mail2.hotmail.com [65.54.253.230]) with ESMTP; Wed, 26 Oct 2005 15:24:39 -0700 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing2.securityfocus.com (Postfix) with QMQPid 67E9B146A2D; Wed, 26 Oct 2005 15:35:14 -0600 (MDT)
Received: (qmail 29402 invoked from network); 26 Oct 2005 08:56:49 -0000 X-Message-Info: JGTYoYF78jG+SHvrJWOjDbGoieiG70K9zjAQu/PfWvk= Mailing-List: contact incidents-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <incidents.list-id.securityfocus.com> List-Post: <mailto:incidents () securityfocus com> List-Help: <mailto:incidents-help () securityfocus com> List-Unsubscribe: <mailto:incidents-unsubscribe () securityfocus com> List-Subscribe: <mailto:incidents-subscribe () securityfocus com> Delivered-To: mailing list incidents () securityfocus com Delivered-To: moderator for incidents () securityfocus com Organization: Foothill-DeAnza College District X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thread-Index: AcXaSWOx1g+Cm/FSRFigFItqB276CQAJgGpQ Return-Path: incidents-return-8635-davegu1=hotmail.com () securityfocus comX-OriginalArrivalTime: 26 Oct 2005 22:24:39.0714 (UTC) FILETIME=[0E176020:01C5DA7C]
We're suddenly seeing a lot of unauthorized SNMP traffic, including some to broadcast destinations, from stations on our network that have no business doing that. Anyone know of a new virus/worm with that behaviour? (Details are still sketchy here -- I'm hoping someone else has seen this and can provide clues of additional symptoms to look for.) David Gillett
Current thread:
- Re: SSH bruteforce on its way..., (continued)
- Re: SSH bruteforce on its way... Valdis . Kletnieks (Oct 26)
- Re: SSH bruteforce on its way... Kurt Seifried (Oct 26)
- Re: SSH bruteforce on its way... Justin (Oct 26)
- Re: SSH bruteforce on its way... Daniel Cid (Oct 26)
- Re: SSH bruteforce on its way... Valdis . Kletnieks (Oct 25)
- Re: SSH bruteforce on its way... Michael . Lang (Oct 25)
- Re: SSH bruteforce on its way... Javier Fernandez-Sanguino (Oct 26)
- Re: SSH bruteforce on its way... Volker Tanger (Oct 26)
- SNMP worm? David Gillett (Oct 26)
- Re: SNMP worm? Mark Ryan del Moral Talabis (Oct 26)
- RE: SNMP worm? David Gutierrez (Oct 26)
- Re: SSH bruteforce on its way... Christine Kronberg (Oct 31)
- Re: SSH bruteforce on its way... Javier Fernandez-Sanguino (Oct 26)
- Re: SSH bruteforce on its way... Lionel Ferette (Oct 26)
- Re: SSH bruteforce on its way... Michael Lang (Oct 26)
- Re: SSH bruteforce on its way... Bryan Hatter (Oct 26)