Port 161 Oddities (aka SNMP: so what's going on?)
On a very slow Sunday in January I noticed that port 161 (designated as SNMP) is still alive and kicking. The port 161 DShield report trend saw downward movement two weeks ago, and now we are right back at it with the same intensity. Previously it was discussed here that D-Link routers are at play, so I'd like to grab a few packets to confirm whether we are still seeing a continuation of known attacks, or whether something else is driving the port 161 numbers up so high. If anybody has any questionable port 161 traffic they could capture and upload, I'd love to review and report on what we are seeing.
tony d0t carothers --gmail
Comments
Jan 11 21:40:56 HORNET snort[996]: message repeated 8 times: [ [1:1417:9] SNMP request udp [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.0.0.6:49152 -> 10.0.0.11:161]
Anonymous
Jan 12th 2015
9 years ago
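The alert in the comment above is wrapped in syslog's "message repeated N times" reduction, so counting log lines under-reports how many port 161 alerts actually fired. The following is an added example, not code from the diary or the commenter, that tallies such Snort syslog alerts per source/destination pair. The function name, the regex, and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Snort alert as written to syslog, optionally wrapped by the
# "message repeated N times: [ ... ]" reduction seen in the comment.
ALERT_RE = re.compile(
    r"snort\[\d+\]: (?:message repeated (?P<rep>\d+) times: \[ )?"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"\[Classification: (?P<cls>[^\]]+)\] \[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)

def count_snmp_alerts(lines, port=161):
    """Return Counter {(src, dst): alerts} for UDP alerts aimed at `port`."""
    totals = Counter()
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or m["proto"] != "UDP" or int(m["dport"]) != port:
            continue
        # A wrapped line stands for N alerts, an unwrapped line for one.
        totals[(m["src"], m["dst"])] += int(m["rep"] or 1)
    return totals

_SNMP = ("[1:1417:9] SNMP request udp [Classification: Attempted "
         "Information Leak] [Priority: 2] {UDP} ")

# Line 1 is the alert from the comment; lines 2-4 are constructed samples
# (192.0.2.77 is a documentation address, SID 9999999 is a placeholder).
SAMPLE = [
    "Jan 11 21:40:56 HORNET snort[996]: message repeated 8 times: [ "
    + _SNMP + "10.0.0.6:49152 -> 10.0.0.11:161]",
    "Jan 11 21:41:02 HORNET snort[996]: "
    + _SNMP + "10.0.0.6:49152 -> 10.0.0.11:161",
    "Jan 11 21:41:10 HORNET snort[996]: "
    + _SNMP + "192.0.2.77:40001 -> 10.0.0.11:161",
    "Jan 11 21:41:15 HORNET snort[996]: [1:9999999:1] constructed alert "
    "[Classification: Misc activity] [Priority: 3] "
    "{TCP} 192.0.2.77:40002 -> 10.0.0.11:22",
]

if __name__ == "__main__":
    for (src, dst), n in count_snmp_alerts(SAMPLE).most_common():
        print(f"{src} -> {dst}:161  {n} alert(s)")
```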