Security Incidents mailing list archives

Re: new SNMP vuln?


From: "Mike Lewinski" <mike () rockynet com>
Date: Thu, 7 Feb 2002 12:41:39 -0700

We have seen increases in SNMP probes to our routers in the last few months.
The following logs are from separate devices that had previously not been
picking up anything external. None of the offenders are on our net. In some
cases there are repeat offenders hitting different networks. In others it
may just be a misconfigured OpenView somewhere.

#1
Jan  9  7:07:02     Manager session timed out
Jan 19  1:35:10     SNMP: Authorization Violation by 62.243.158.158
Jan 20  1:17:43     SNMP: Authorization Violation by 62.243.158.158
Jan 21  1:17:26     SNMP: Authorization Violation by 62.243.158.158
Jan 23 22:35:39     SNMP: Authorization Violation by 213.84.35.225
Jan 23 22:53:51     SNMP: Authorization Violation by 63.225.202.68
Jan 24  1:19:07     SNMP: Authorization Violation by 62.243.158.158
Jan 29  1:18:15     SNMP: Authorization Violation by 62.243.158.158
Jan 30  3:03:56     SNMP: Authorization Violation by 203.167.218.222
Feb  1  1:18:24     SNMP: Authorization Violation by 62.243.158.158
Feb  4  1:19:50     SNMP: Authorization Violation by 62.243.158.158
Feb  5  1:14:54     SNMP: Authorization Violation by 62.243.158.158
Feb  7  1:17:28     SNMP: Authorization Violation by 62.243.158.158
Feb  7  4:19:38     SNMP: Authorization Violation by 158.252.197.37
Feb  8  1:18:26     SNMP: Authorization Violation by 62.243.158.158


#2

Nov 18  3:49:28     SNMP: Authorization Violation by 63.217.77.226
Nov 18  3:50:23     SNMP: Authorization Violation by 63.217.77.226
Nov 18  3:52:06     SNMP: Authorization Violation by 63.217.77.226
Nov 29 14:35:12     SNMP: Authorization Violation by 63.217.77.226
Dec 17 15:14:38     SNMP: Authorization Violation by 63.217.77.226

#3

Jan 23  9:26:26     SNMP: Authorization Violation by 209.219.44.2
Jan 23  9:49:26     SNMP: Authorization Violation by 209.219.44.2
Jan 24 15:01:36     SNMP: Authorization Violation by 209.219.44.2

#4

Dec 17  4:00:29     SNMP: Authorization Violation by 80.13.199.108
Dec 17  4:00:39     SNMP: Authorization Violation by 80.13.199.108
Dec 17  4:01:05     SNMP: Authorization Violation by 80.13.199.108
Dec 17  4:01:06     SNMP: Authorization Violation by 80.13.199.108
Dec 17  4:01:08     SNMP: Authorization Violation by 80.13.199.108
Dec 18 22:16:01     SNMP: Authorization Violation by 63.217.77.226
Dec 18 23:12:29     SNMP: Authorization Violation by 216.113.12.153



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
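
As an added example (not part of the original post), one way to triage logs in this format is to separate sources seen by several devices from sources that hit one device at the same time each day, which is the pattern a misconfigured management station would produce. The device names, sample lines and the `min_days` / `max_jitter` thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from statistics import pstdev

# Matches the log format shown in the post; any other line is skipped.
LINE = re.compile(r"^(\w{3}\s+\d+)\s+(\d+):(\d+):(\d+)\s+"
                  r"SNMP: Authorization Violation by (\d+(?:\.\d+){3})$")

# Constructed sample logs: made-up device names, RFC 5737 documentation IPs.
SAMPLE = {
    "rtr-a": """\
Jan  9  7:07:02     Manager session timed out
Jan 19  1:35:10     SNMP: Authorization Violation by 192.0.2.10
Jan 20  1:17:43     SNMP: Authorization Violation by 192.0.2.10
Jan 21  1:17:26     SNMP: Authorization Violation by 192.0.2.10
Jan 23 22:35:39     SNMP: Authorization Violation by 198.51.100.7
Dec 18 22:16:01     SNMP: Authorization Violation by 203.0.113.5""",
    "rtr-b": """\
Nov 18  3:49:28     SNMP: Authorization Violation by 203.0.113.5
Dec 17  4:00:29     SNMP: Authorization Violation by 198.51.100.99
Dec 17  4:00:39     SNMP: Authorization Violation by 198.51.100.99""",
}

def parse(logs):
    """Map source IP -> [(device, 'Mon D', seconds since midnight), ...]."""
    hits = defaultdict(list)
    for device, text in logs.items():
        for line in text.splitlines():
            m = LINE.match(line.strip())
            if m:
                day, h, mi, s, ip = m.groups()
                secs = int(h) * 3600 + int(mi) * 60 + int(s)
                hits[ip].append((device, " ".join(day.split()), secs))
    return hits

def classify(logs, min_days=3, max_jitter=900):
    """Label each source as multi-device, scheduled, burst or sporadic."""
    labels = {}
    for ip, events in parse(logs).items():
        devices = {dev for dev, _, _ in events}
        # First hit of each day (reversed so the earliest entry wins).
        times = list({d: t for _, d, t in reversed(events)}.values())
        if len(devices) > 1:
            labels[ip] = "multi-device"   # same source seen by several devices
        elif len(times) >= min_days and pstdev(times) <= max_jitter:
            labels[ip] = "scheduled"      # same time of day: poller-like
        else:
            labels[ip] = "burst" if len(events) > len(times) else "sporadic"
    return labels
```

The log lines carry no year, so days are keyed by month and day only, and a source that polls close to midnight would need a circular spread measure rather than `pstdev`.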

