Security Incidents mailing list archives
Re: Assistance regarding network scans
From: Bill Pennington <billp () ROCKETCASH COM>
Date: Mon, 7 Aug 2000 13:53:03 -0700
My guess would be that gw-sjo1.sc.philips.com is a router and someone has fudged the IP address of the network management station so that it is sending SNMP traps to your server(s). I would attempt to contact them and let them know. You could also sniff those packets and figure out what is wrong with the router :-). My gut tells me that it is a simple misconfiguration.

Steve Lum wrote:

Hello all,

For the last couple of days, a specific host (63.194.140.131) has been scanning my IP addresses on my network. They seem to be trying to connect to port 162. The computers they are trying to connect to seem to be focused on two computers. One NT Server and a Solaris workstation. I've attached a small part of my log file to the bottom so you can see more clearly what's going on. The remote host is gw-sjo1.sc.philips.com

Has anyone seen this sort of behavior before? And I'm not sure what is the next action to take regarding this situation.

08-06-2000 23:24:50 list 120 denied udp 63.194.140.131(691) -> 207.217.9.x(162), 1 packet
08-06-2000 23:25:51 list 120 denied udp 63.194.140.131(705) -> 207.217.9.x(162), 1 packet
08-06-2000 23:26:51 list 120 denied udp 63.194.140.131(717) -> 207.217.9.y(162), 1 packet
08-06-2000 23:27:52 list 120 denied udp 63.194.140.131(727) -> 207.217.9.x(162), 1 packet
08-06-2000 23:28:53 list 120 denied udp 63.194.140.131(739) -> 207.217.9.x(162), 1 packet
08-06-2000 23:29:54 list 120 denied udp 63.194.140.131(750) -> 207.217.9.x(162), 1 packet
08-06-2000 23:30:55 list 120 denied udp 63.194.140.131(761) -> 207.217.9.x(162), 1 packet
08-06-2000 23:31:55 list 120 denied udp 63.194.140.131(770) -> 207.217.9.x(162), 1 packet
08-06-2000 23:32:56 list 120 denied udp 63.194.140.131(786) -> 207.217.9.x(162), 1 packet
08-06-2000 23:33:57 list 120 denied udp 63.194.140.131(795) -> 207.217.9.x(162), 1 packet
08-06-2000 23:34:58 list 120 denied udp 63.194.140.131(806) -> 207.217.9.x(162), 1 packet
08-06-2000 23:35:58 list 120 denied udp 63.194.140.131(820) -> 207.217.9.x(162), 1 packet
08-06-2000 23:36:59 list 120 denied udp 63.194.140.131(834) -> 207.217.9.x(162), 1 packet
08-06-2000 23:38:00 list 120 denied udp 63.194.140.131(843) -> 207.217.9.x(162), 1 packet
08-06-2000 23:39:00 list 120 denied udp 63.194.140.131(854) -> 207.217.9.x(162), 1 packet
08-06-2000 23:40:01 list 120 denied udp 63.194.140.131(866) -> 207.217.9.x(162), 1 packet
08-06-2000 23:41:02 list 120 denied udp 63.194.140.131(880) -> 207.217.9.x(162), 1 packet
08-06-2000 23:42:03 list 120 denied udp 63.194.140.131(889) -> 207.217.9.x(162), 1 packet
08-06-2000 23:43:04 list 120 denied udp 63.194.140.131(898) -> 207.217.9.x(162), 1 packet

Any help is greatly appreciated,
steve
--
Bill Pennington
Senior IT Manager
Rocketcash
billp () rocketcash com
http://www.rocketcash.com
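Added example, not part of either message: a triage heuristic that separates the pattern suggested in the reply (one device sending to a single port at a fixed interval) from a sweep, run over ACL deny lines in the format posted above. The function names, the thresholds and the SWEEP sample are assumptions constructed for illustration.

```python
import re
from datetime import datetime
from statistics import mean, pstdev

# Layout of the ACL deny lines quoted in the original message.
LINE_RE = re.compile(
    r"(\d\d-\d\d-\d{4} \d\d:\d\d:\d\d) list \d+ denied (\w+) "
    r"(\S+)\((\d+)\) -> (\S+)\((\d+)\)")

def parse(lines):
    """Yield (time, proto, src, sport, dst, dport) for each matching line."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m.group(1), "%m-%d-%Y %H:%M:%S")
            yield (ts, m.group(2), m.group(3), int(m.group(4)),
                   m.group(5), int(m.group(6)))

def classify(lines, max_jitter=5.0, max_targets=3):
    """Assumed thresholds: a steady interval, one destination port and few
    targets point to a periodic sender rather than a sweep."""
    events = sorted(parse(lines))
    if len(events) < 3:
        return {"verdict": "insufficient data"}
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
    dports = {e[5] for e in events}
    targets = {e[4] for e in events}
    periodic = pstdev(gaps) <= max_jitter          # low jitter between packets
    narrow = len(dports) == 1 and len(targets) <= max_targets
    return {"verdict": "periodic sender" if periodic and narrow else "scan-like",
            "mean_gap": round(mean(gaps), 1),
            "dports": sorted(dports), "targets": sorted(targets)}

# First five log lines copied from the original message.
POSTED = """\
08-06-2000 23:24:50 list 120 denied udp 63.194.140.131(691) -> 207.217.9.x(162), 1 packet
08-06-2000 23:25:51 list 120 denied udp 63.194.140.131(705) -> 207.217.9.x(162), 1 packet
08-06-2000 23:26:51 list 120 denied udp 63.194.140.131(717) -> 207.217.9.y(162), 1 packet
08-06-2000 23:27:52 list 120 denied udp 63.194.140.131(727) -> 207.217.9.x(162), 1 packet
08-06-2000 23:28:53 list 120 denied udp 63.194.140.131(739) -> 207.217.9.x(162), 1 packet
""".splitlines()

# Constructed contrast case: one source touching many hosts and ports in bursts.
SWEEP = [f"08-06-2000 23:24:{s:02d} list 120 denied tcp 192.0.2.7(4000) -> "
         f"198.51.100.{s}({20 + s}), 1 packet" for s in (1, 2, 9, 10, 40, 41)]

if __name__ == "__main__":
    print(classify(POSTED))
    print(classify(SWEEP))
```

A "periodic sender" verdict on UDP port 162 only supports the misconfiguration hypothesis; a packet capture of the payload, as the reply suggests, is what confirms that the traffic is SNMP traps.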