RE: SNMP worm?
From: Robert MacDonald (Robert.MacDonald_at_Haworth.com)
Date: 10/27/05
- Previous message: Jerry Dixon: "Re: Dismantling Botnets?"
- Maybe in reply to: David Gillett: "SNMP worm?"
- Next in thread: Frank Knobbe: "RE: SNMP worm?"
- Reply: Frank Knobbe: "RE: SNMP worm?"
- Reply: David Gillett: "RE: SNMP worm?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 26 Oct 2005 21:52:26 -0400 To: <gillettdavid@fhda.edu>
David,
None here (yet). Possible a contractor or vendor showing off network
solution-wares? Does it appear to be polling sequentially or
randomly? Is it looking through particular subnets? Is it possibly a
new printer(s) that have been plugged in or gone wild?
This is probably a duh question, but have you been able to
hunt down the offending workstation(s) and check them out?
I'll keep on the lookout.
Best of Luck.
Robert
________________________________
From: David Gillett [mailto:gillettdavid@fhda.edu]
Sent: Wed 10/26/2005 4:56 PM
To: incidents@securityfocus.com
We're suddenly seeing a lot of unauthorized SNMP traffic, including
some to broadcast destinations, from stations on our network that have
no business doing that. Anyone know of a new virus/worm with that
behaviour? (Details are still sketchy here -- I'm hoping someone else
has seen this and can provide clues of additional symptoms to look for.)
David Gillett
- Previous message: Jerry Dixon: "Re: Dismantling Botnets?"
- Maybe in reply to: David Gillett: "SNMP worm?"
- Next in thread: Frank Knobbe: "RE: SNMP worm?"
- Reply: Frank Knobbe: "RE: SNMP worm?"
- Reply: David Gillett: "RE: SNMP worm?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
