OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Mike Lewinski (mikerockynet.com)
Date: Thu Feb 07 2002 - 13:41:39 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    We have seen increases in SNMP probes to our routers in the last few months.
    The following logs are from separate devices that had previously not been
    picking up anything external. None of the offenders are on our net. In some
    cases there are repeat offenders hitting different networks. In others it
    may just be a misconfigured OpenView somewhere.

    #1
    Jan 9 7:07:02 Manager session timed out
    Jan 19 1:35:10 SNMP: Authorization Violation by 62.243.158.158
    Jan 20 1:17:43 SNMP: Authorization Violation by 62.243.158.158
    Jan 21 1:17:26 SNMP: Authorization Violation by 62.243.158.158
    Jan 23 22:35:39 SNMP: Authorization Violation by 213.84.35.225
    Jan 23 22:53:51 SNMP: Authorization Violation by 63.225.202.68
    Jan 24 1:19:07 SNMP: Authorization Violation by 62.243.158.158
    Jan 29 1:18:15 SNMP: Authorization Violation by 62.243.158.158
    Jan 30 3:03:56 SNMP: Authorization Violation by 203.167.218.222
    Feb 1 1:18:24 SNMP: Authorization Violation by 62.243.158.158
    Feb 4 1:19:50 SNMP: Authorization Violation by 62.243.158.158
    Feb 5 1:14:54 SNMP: Authorization Violation by 62.243.158.158
    Feb 7 1:17:28 SNMP: Authorization Violation by 62.243.158.158
    Feb 7 4:19:38 SNMP: Authorization Violation by 158.252.197.37
    Feb 8 1:18:26 SNMP: Authorization Violation by 62.243.158.158

    #2

    Nov 18 3:49:28 SNMP: Authorization Violation by 63.217.77.226
    Nov 18 3:50:23 SNMP: Authorization Violation by 63.217.77.226
    Nov 18 3:52:06 SNMP: Authorization Violation by 63.217.77.226
    Nov 29 14:35:12 SNMP: Authorization Violation by 63.217.77.226
    Dec 17 15:14:38 SNMP: Authorization Violation by 63.217.77.226

    #3

    Jan 23 9:26:26 SNMP: Authorization Violation by 209.219.44.2
    Jan 23 9:49:26 SNMP: Authorization Violation by 209.219.44.2
    Jan 24 15:01:36 SNMP: Authorization Violation by 209.219.44.2

    #4

    Dec 17 4:00:29 SNMP: Authorization Violation by 80.13.199.108
    Dec 17 4:00:39 SNMP: Authorization Violation by 80.13.199.108
    Dec 17 4:01:05 SNMP: Authorization Violation by 80.13.199.108
    Dec 17 4:01:06 SNMP: Authorization Violation by 80.13.199.108
    Dec 17 4:01:08 SNMP: Authorization Violation by 80.13.199.108
    Dec 18 22:16:01 SNMP: Authorization Violation by 63.217.77.226
    Dec 18 23:12:29 SNMP: Authorization Violation by 216.113.12.153

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com