mailing list archives
Re: SNMP Broadcasts
From: "J.A. Terranson" <measl () mfn org>
Date: Tue, 13 Jul 2004 17:08:47 -0500 (CDT)
On Tue, 13 Jul 2004, BillyBob wrote:
From: BillyBob <billybobknob () hotmail com>
Hello Mr. Knob,
Subject: [Full-disclosure] SNMPBroadcasts
SNMP doesn't "broadcast"
For the past 12 hours my external IP has been bombarded with SNMP
"Bombarded"? Below you state it was only "several per second". Are you
on a dial connection?
Broadcasts, I have sent complaints to my ISP and the ISP of the originating
And both are likely laughing their asses off right about now.
The attacking IP must have some sort of worm or automated script to go
through all the port numbers as his remote port starts at 60001 and goes up
to 64087 but it hits my local ports 1-highest port # (65535) if I let my
logs record that much.
SNMP goes to ports 161 and 162, *only*.
Could this be some kind of SNMP DoS as I get several/second ?
I know I shouldn't be asking this, but... Do you know how to use
sysadmin () mfn org
"...justice is a duty towards those whom you love and those whom you do
not. And people's rights will not be harmed if the opponent speaks out
Osama Bin Laden
Full-Disclosure - We believe in it.