It could be nothing. It could be something. The ISC HoneyPot has been showing some port 161 traffic.
Please leave a comment if you see anything that correlates in your travels. -Kevin -- |
Kevin Shortt 85 Posts ISC Handler Sep 8th 2016 |
Thread locked Subscribe |
Sep 8th 2016 4 years ago |
I get tons of SNMP traffic, usually combined with telnet and ping/traceroute. It's been a couple years now, and as usual, my ISP doesn't care about spoofed traffic.
|
Anonymous |
Quote |
Sep 8th 2016 4 years ago |
The request: 1.3.6.1.2.1.1.1.0 seems to be related to AirNovo Wireless Access Point
http://www.alvestrand.no/objectid/1.3.6.1.2.1.1.1.0.html |
Anonymous |
Quote |
Sep 9th 2016 4 years ago |
Nope, this is the default SNMP branch (sysDesc)
alvestrand.no/objectid/… |
Xme 587 Posts ISC Handler |
Quote |
Sep 9th 2016 4 years ago |
I would say this is a way of trying to guess what your device is to prepare for a specific attack.
|
Xme 1 Posts |
Quote |
Sep 9th 2016 4 years ago |
I see a similar spike in SNMP requests in my logs on Sep 6-Sep 7. Went back to baseline levels on Sep 8. All IP's were already in my log for earlier SNMP probing though, so it seems they cranked up their activity for a short while.
|
asclepi 2 Posts |
Quote |
Sep 10th 2016 4 years ago |
Hi there,
what is the name of tool ? Thanks |
Anonymous |
Quote |
Sep 10th 2016 4 years ago |
Related to the CISCO ASA vuln?
|
Anonymous |
Quote |
Sep 10th 2016 4 years ago |
Sign Up for Free or Log In to start participating in the conversation!