On a very slow Sunday in January I noticed that port 161 (designated as SNMP) is still alive and kicking; however, the port 161 DShield report trend saw downward movement two weeks ago, and now we are right back at it with the same intensity. Previously it was discussed here that D-Link routers are at play, so I'd like to grab a few packets to confirm that we are still seeing the continuance of known attacks, or if we have something else driving the port 161 numbers up so high. If anybody has any questionable port 161 traffic they could capture and upload, I'd love to review and report on what we are seeing.

tony d0t carothers --gmail
Tony 150 Posts ISC Handler Jan 11th 2015 |
Jan 11th 2015 7 years ago |
I have seen a HUGE increase in port 161 traffic hits on my IDS.
Jan 11 21:40:56 HORNET snort[996]: message repeated 8 times: [ [1:1417:9] SNMP request udp [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.0.0.6:49152 -> 10.0.0.11:161] |
Anonymous |
Jan 12th 2015 7 years ago |