Port 161 Oddities (aka SNMP: so what's going on?)

Published: 2015-01-11
Last Updated: 2015-01-11 18:58:22 UTC
by Tony Carothers (Version: 1)
1 comment(s)

On a very slow Sunday in January I noticed that port 161 (assigned to SNMP) is still alive and kicking. The DShield port 161 report trended downward two weeks ago, but we are now right back at the same intensity. It was previously discussed here that D-Link routers are at play, so I'd like to grab a few packets to confirm whether we are still seeing a continuation of the known attacks, or whether something else is driving the port 161 numbers up so high. If anybody has questionable port 161 traffic they could capture and upload (ideally a pcap with the full UDP payloads rather than just the alert lines, so the community strings and requested OIDs can be inspected), I'd love to review it and report on what we are seeing.

tony d0t carothers --gmail
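The sort of triage the diary asks for can be done with a very small SNMPv1/v2c decoder: pull the version, community string, PDU type, request-id and requested OIDs out of each captured UDP payload and tally them, so a batch of port 161 probes can be compared against the known D-Link scanning pattern or shown to be something else. The following is an added example written for this page, not an ISC or DShield tool. The byte strings in SAMPLE_PAYLOADS are constructed for illustration, not captured traffic; the dict layout and function names are this example's own.

```python
"""Minimal SNMPv1/v2c request decoder (BER) for triaging captured port 161 probes.

Example code written for this page, not an ISC/DShield tool. SNMPv3 messages and
v1 Trap PDUs have a different layout and are reported as undecodable here.
"""
from collections import Counter

PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap-v1", 0xA5: "GetBulkRequest"}
VERSIONS = {0: "v1", 1: "v2c"}


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER TLV at pos; definite lengths only."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of packet")
    return tag, buf[pos:pos + length], pos + length


def decode_int(value):
    return int.from_bytes(value, "big", signed=True)


def decode_oid(value):
    """Decode a BER OBJECT IDENTIFIER body (first octet packs the first two arcs) to dotted form."""
    if not value:
        raise ValueError("empty OID")
    first = value[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    sub = 0
    for b in value[1:]:                     # base-128, high bit = continuation
        sub = (sub << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(sub)
            sub = 0
    if sub:
        raise ValueError("unterminated OID subidentifier")
    return ".".join(str(a) for a in arcs)


def decode_snmp(payload):
    """Decode one SNMPv1/v2c message (UDP payload). Raises ValueError if it is not one."""
    tag, msg, end = read_tlv(payload, 0)
    if tag != 0x30 or end != len(payload):
        raise ValueError("not a single SNMP message SEQUENCE")
    tag, ver, pos = read_tlv(msg, 0)
    if tag != 0x02 or decode_int(ver) not in VERSIONS:
        raise ValueError("unsupported or missing version (v3 uses a different header)")
    tag, community, pos = read_tlv(msg, pos)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING community")
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if pdu_tag not in PDU_TYPES or pdu_tag == 0xA4:
        raise ValueError(f"unhandled PDU tag 0x{pdu_tag:02x}")
    _, rid, p = read_tlv(pdu, 0)            # request-id
    _, _, p = read_tlv(pdu, p)              # error-status (non-repeaters for GetBulk)
    _, _, p = read_tlv(pdu, p)              # error-index  (max-repetitions for GetBulk)
    tag, vbl, _ = read_tlv(pdu, p)
    if tag != 0x30:
        raise ValueError("expected VarBindList SEQUENCE")
    oids, q = [], 0
    while q < len(vbl):
        tag, vb, q = read_tlv(vbl, q)
        otag, oid, _ = read_tlv(vb, 0)
        if tag != 0x30 or otag != 0x06:
            raise ValueError("malformed VarBind")
        oids.append(decode_oid(oid))
    return {"version": VERSIONS[decode_int(ver)], "community": community.decode("latin-1"),
            "pdu": PDU_TYPES[pdu_tag], "request_id": decode_int(rid), "oids": oids}


def summarise(payloads):
    """Tally decodable probes by (version, pdu, community, first OID); count the rest."""
    probes, undecodable = Counter(), 0
    for data in payloads:
        try:
            m = decode_snmp(data)
        except ValueError:
            undecodable += 1
            continue
        probes[(m["version"], m["pdu"], m["community"], m["oids"][0] if m["oids"] else "-")] += 1
    return probes, undecodable


# Constructed sample UDP payloads for this example (not captured traffic).
SAMPLE_PAYLOADS = [
    # v2c GetRequest, community "public", for sysDescr.0 (1.3.6.1.2.1.1.1.0)
    bytes.fromhex("302902010104067075626c6963a01c020412345678020100020100300e300c06082b060102010101000500"),
    # v1 GetNextRequest, community "private", walk starting at 1.3.6.1.2.1
    bytes.fromhex("3024020100040770726976617465a11602012a020100020100300b300906052b060102010500"),
    b"\x00\x01\x02\x03",                    # junk aimed at 161 that is not SNMP at all
]
SAMPLE_PAYLOADS.append(SAMPLE_PAYLOADS[0][:20])   # a truncated message

if __name__ == "__main__":
    probes, bad = summarise(SAMPLE_PAYLOADS)
    for key, count in probes.most_common():
        print(count, *key)
    print("undecodable:", bad)
```

Feeding it real captures is a matter of handing it the UDP payloads from a pcap (for example via a pcap library's packet iterator) instead of SAMPLE_PAYLOADS; the community/OID tallies are what distinguish a generic "public"/sysDescr sweep from a probe for a vendor-specific OID.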

I have seen a HUGE increase in port 161 traffic hits on my IDS.

Jan 11 21:40:56 HORNET snort[996]: message repeated 8 times: [ [1:1417:9] SNMP request udp [Classification: Attempted Information Leak] [Priority: 2] {UDP} ->]

