RE: SNMP worm?
From: Frank Knobbe (frank_at_knobbe.us)
Date: 10/27/05
- Previous message: David Gutierrez: "RE: SNMP worm?"
- In reply to: Robert MacDonald: "RE: SNMP worm?"
- Next in thread: David Gillett: "RE: SNMP worm?"
- Maybe reply: hein_at_blubber.com: "Re: RE: SNMP worm?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: gillettdavid@fhda.edu, incidents@securityfocus.com Date: Thu, 27 Oct 2005 03:07:01 -0500
On Wed, 2005-10-26 at 21:52 -0400, Robert MacDonald wrote:
> None here (yet). Possible a contractor or vendor showing off network
> solution-wares? Does it appear to be polling sequentially or
> randomly? Is it looking through particular subnets? Is it possibly a
> new printer(s) that have been plugged in or gone wild?
Another possibility is a misconfigured network management station. I
remember one incident in the past where a certain subnet got routinely
scanned from one particular box, which was named like
"netmon.noc.company.com". We notified the contact of that domain and
kept an eye on it. Eventually the flood stopped, so perhaps someone
noticed that a netmask was entered wrong :)
What was that saying about not attributing malice to something that can
be explained with stupidity? :)
Cheers,
Frank
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: David Gutierrez: "RE: SNMP worm?"
- In reply to: Robert MacDonald: "RE: SNMP worm?"
- Next in thread: David Gillett: "RE: SNMP worm?"
- Maybe reply: hein_at_blubber.com: "Re: RE: SNMP worm?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
