Security Incidents: Re: SNMP Scans

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: SNMP Scans

From: John Oliver <joliver () CONNECTNET COM>
Date: Tue, 13 Mar 2001 22:46:11 -0800

Chris Schuler wrote:


anyone else seeing port 111/rpc scans from this ip?
211.185.160.193
Ive seen at least two walks of my ip address space by this host.

Mar 13 09:45:08 211.185.160.193:4671 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 13 09:45:08 211.185.160.193:4670 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 13 09:45:08 211.185.160.193:4672 -> xxx.xxx.xxx.xxx:111 SYN ******S*
...


Yup.  Dispatched LARTs, for all the good they'll do...

--
John Oliver, System Administrator        http://www.allegiancetele.com
ConnectNet, an Allegiance Telecom company    http://www.connectnet.com
6370 Lusk Blvd. Ste F103                                (858) 638-2020
San Diego, CA. 92121                               FAX: (858) 623-1505

By Date By Thread

Current thread:

SNMP Scans Crist Clark (Mar 05)
- <Possible follow-ups>
- Re: SNMP Scans H Carvey (Mar 11)
  - Re: SNMP Scans Omar Herrera (Mar 12)
    - Re: SNMP Scans MadHat (Mar 13)
- Re: SNMP Scans Chris Schuler (Mar 13)
  - Re: SNMP Scans John Oliver (Mar 14)
  - Port 111 Scans (odd single IP# probes too) Bryan Andersen (Mar 14)
    - Re: Port 111 Scans (odd single IP# probes too) Scott Nursten (Mar 15)
    - Re: Port 111 Scans (odd single IP# probes too) Rob Kouwenberg (Mar 15)
  - Re: SNMP Scans John (Mar 14)
  - Re: SNMP Scans Eric Kimminau (Mar 14)