Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: SNMP Broadcasts
From: "J.A. Terranson" <measl () mfn org>
Date: Tue, 13 Jul 2004 17:08:47 -0500 (CDT)

On Tue, 13 Jul 2004, BillyBob wrote:

From: BillyBob <billybobknob () hotmail com>

Hello Mr. Knob,

Subject: [Full-disclosure] SNMPBroadcasts

SNMP doesn't "broadcast"

For the past 12 hours my external IP has been bombarded with SNMP

"Bombarded"?  Below you state it was only "several per second".  Are you
on a dial connection?

Broadcasts, I have sent complaints to my ISP and the ISP of the originating

And both are likely laughing their asses off right about now.

The attacking IP must have some sort of worm or automated script to go
through all the port numbers as his remote port starts at 60001 and goes up
to 64087 but it hits my local ports 1-highest port # (65535) if I let my
logs record that much.

SNMP goes to ports 161 and 162, *only*.

Could this be some kind of SNMP DoS as I get several/second ?

I know I shouldn't be asking this, but...  Do you know how to use


J.A. Terranson
sysadmin () mfn org

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."

  Osama Bin Laden

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]