Full Disclosure mailing list archives

Re: SNMP Broadcasts


From: "J.A. Terranson" <measl () mfn org>
Date: Tue, 13 Jul 2004 17:08:47 -0500 (CDT)


On Tue, 13 Jul 2004, BillyBob wrote:


> From: BillyBob <billybobknob () hotmail com>

Hello Mr. Knob,

> Subject: [Full-disclosure] SNMPBroadcasts

SNMP doesn't "broadcast"

> For the past 12 hours my external IP has been bombarded with SNMP

"Bombarded"?  Below you state it was only "several per second".  Are you
on a dial connection?

> Broadcasts, I have sent complaints to my ISP and the ISP of the originating
> IP.

And both are likely laughing their asses off right about now.

> The attacking IP must have some sort of worm or automated script to go
> through all the port numbers as his remote port starts at 60001 and goes up
> to 64087 but it hits my local ports 1-highest port # (65535) if I let my
> logs record that much.

SNMP goes to ports 161 and 162, *only*.

> Could this be some kind of SNMP DoS as I get several/second?

I know I shouldn't be asking this, but...  Do you know how to use
Ethereal?

-- 
Yours,

J.A. Terranson
sysadmin () mfn org

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."

  Osama Bin Laden


