Re: RE: SNMP worm?
hein_at_blubber.com
Date: 10/27/05
- Previous message: Frank Knobbe: "RE: SNMP worm?"
- Maybe in reply to: Frank Knobbe: "RE: SNMP worm?"
- Next in thread: Mark Ryan del Moral Talabis: "Re: SNMP worm?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 27 Oct 2005 13:15:21 -0000 To: incidents@securityfocus.com('binary' encoding is not supported, stored as-is) Are you lot sure that this SNMP traffic really originates from your networks? SNMP can easily be spoofed. So far we noticed nothing in our logs and the only scans come from myself. I would rather guess that a script kiddie is on the lose again and tries to play with SNMP. Well it can be rather fun to scan for SNMP. The amount of open devices one can find is scarey, not to talk about community names like public, private and ILMI. I would have a look at the community strings used to see if its a scan or if somebody tries a Dictionary attack. The best option is however to implement access lists accordingly and use very strong Community names.
- Previous message: Frank Knobbe: "RE: SNMP worm?"
- Maybe in reply to: Frank Knobbe: "RE: SNMP worm?"
- Next in thread: Mark Ryan del Moral Talabis: "Re: SNMP worm?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
