
SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog


Port 161 Oddities (aka SNMP: so what's going on?)

Published: 2015-01-11
Last Updated: 2015-01-11 18:58:22 UTC
by Tony Carothers (Version: 1)
1 comment(s)

On a very slow Sunday in January I noticed that port 161 (designated as SNMP) is still alive and kicking; however, the port 161 DShield report trend saw downward movement two weeks ago, and now we are right back at it with the same intensity. Previously it was discussed here that D-Link routers are at play, so I'd like to grab a few packets to confirm whether we are still seeing the continuance of known attacks, or whether we have something else driving the port 161 numbers up so high. If anybody has any questionable port 161 traffic they could capture and upload, I'd love to review and report on what we are seeing.

tony d0t carothers --gmail
