Date: Tue, 14 Jul 1998 09:33:35 -0400
From: Max Euston <meuston@jmrodgers.com>
To: "'Espen Torseth'" <Espen.Torseth@sds.no>, "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: RE: Large-scale scan of SNMP ports
Message-ID: <01BDAF0A.7A41AC60.meuston@jmrodgers.com>

On Tuesday, July 14, 1998 3:47 AM, Espen Torseth [SMTP:Espen.Torseth@sds.no] wrote:
> There is the possibility that someone has started "auto-discovery" in
> HP-OpenView, CA UniCenter, etc. and given the wrong
> net-address/subnet-mask. This has happened before, and will happen again...
>
> Regards
> Espen Torseth
> [snip]
> > Yesterday I detected what appears to be a large-scale scan of the 203.36
> > and 203.29 networks, coming from what appears to be a host connected to a
> > local Australian provider. The host did not respond to traceroute, even at the
[snip]

I concur. I regularly get these scans. I am almost ready to stop following up on them (I have stopped about a half dozen of them) since there seems to be no end in sight. Each time it has been HP JetAdmin software on Windows 95 machines that was configured incorrectly.

You can check out http://web.mit.edu/network/hpfix/ as a starting point (it helped me solve the problem). Your best bet is to get the source's ISP to contact them (or tell you who they are) and have them (source) block it at their gateway.

Max
---
Max Euston <meuston@jmrodgers.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message