We have noticed this and have taken action to stop these SNMP polls from reaching other ISPs. The polling of address blocks managed by other ISPs was purely accidental and should not happen again.

Walker Wireless is more than willing to investigate incidents like this directly. If anyone has concerns about unusual activity originating from anywhere in the Walker Wireless network, please contact our Network Operations Centre on 0800-WWCARE or myself directly.

Thank you,

Richard Watson
Network Infrastructure Engineer
WALKER WIRELESS LIMITED
Tel: +64 (9) 522 3674
Fax: +64 (9) 520 3447
Mob: +6427 286 6681
Email: rwatson(a)walkerwireless.com

0800 NO NETLAG
Get high speed wireless internet and private network connectivity with Walker Wireless. Visit www.walkerwireless.com for information.

The information in this electronic mail and its attachments is legally privileged and confidential. If the reader of this electronic mail and attachments is not the intended recipient, you are hereby notified that any use, dissemination or reproduction of this electronic mail its contents and attachments is prohibited. This email is personal and may not reflect Walker Wireless', Walker Corporation's subsidiaries or affiliated companies' position.

-----Original Message-----
From: Gordon Smith [mailto:gordons(a)morenet.net.nz]
Sent: Friday, 3 May 2002 4:09 p.m.
To: Nznog
Subject: FW: Walker Wireless attacking other ISPs?

Hi all,

Has anyone else been seeing mail1.walkerwireless.com attempting to break in to their border routers? Picked this up on a routine log audit. Although we actively block and log this sort of activity, others may not be aware of it.

Of particular concern is the attempted use of the ILMI exploit, detailed at http://www.kb.cert.org/vuls/id/976280 which has no legitimate reason to be seen.

Attacking machine is running Checkpoint FW-1 mail server!

Cheers,

Gordon Smith CCNA
Network Operations Manager
MoreNet Ltd.
Fingerprint: 4093 91BC 0055 46B9 1B1A EDBA 45AD 2381 7B1D E4BE

Log extract (multiple occurrences of this):

04/23/2002 15:38.24 WARN:SNMP last message repeated 2 times
04/23/2002 15:38.14 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "ILMI"
04/23/2002 15:38.14 WARN:SNMP last message repeated 2 times
04/23/2002 15:38.02 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "DHdW7tr5nP"
04/23/2002 15:38.02 WARN:SNMP last message repeated 2 times
04/23/2002 15:37.52 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "P8nD8l1n7"
04/23/2002 15:37.52 WARN:SNMP last message repeated 2 times
04/23/2002 15:37.44 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "wd1h2dt2d"
04/23/2002 15:37.44 WARN:SNMP last message repeated 2 times
04/23/2002 15:37.34 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "private"
04/23/2002 15:37.34 WARN:SNMP last message repeated 2 times
04/23/2002 15:37.24 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "public"
04/23/2002 11:37.42 WARN:SNMP last message repeated 2 times
04/23/2002 11:37.32 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "ILMI"
04/23/2002 11:37.32 WARN:SNMP last message repeated 2 times
04/23/2002 11:37.18 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "DHdW7tr5nP"
04/23/2002 11:37.18 WARN:SNMP last message repeated 2 times
04/23/2002 11:37.10 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "P8nD8l1n7"

-
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz
where the body of your message reads:
unsubscribe nznog
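
The routine log audit described in the forwarded message can be automated. The Python below is an added example, not part of either message or of any vendor tooling: it parses lines in the format of the log extract, folds "last message repeated" counts into the preceding request, and reports sources that try several distinct community strings in one burst. The sample lines, addresses, thresholds and function names are constructed for illustration, and the newest-first ordering is assumed from the extract.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line shapes are assumed from the log extract in the forwarded message.
REQ = re.compile(r'^(\S+ \S+) WARN:SNMP SNMP request received from (\S+) '
                 r'with unknown community "([^"]*)"$')
REP = re.compile(r'^\S+ \S+ WARN:SNMP last message repeated (\d+) times$')

def parse(lines, newest_first=True):
    """Return chronological [time, source, community, attempts] records."""
    events = []
    for line in (reversed(lines) if newest_first else lines):
        line = line.strip()
        if m := REQ.match(line):
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M.%S")
            events.append([ts, m.group(2), m.group(3), 1])
        elif (m := REP.match(line)) and events:
            events[-1][3] += int(m.group(1))  # repeats extend the prior request
    return events

def find_sweeps(events, gap=timedelta(minutes=5), min_distinct=3):
    """Split each source's requests into bursts; keep bursts trying many names."""
    bursts = defaultdict(list)
    for ts, src, community, attempts in events:
        runs = bursts[src]
        if not runs or ts - runs[-1]["end"] > gap:
            runs.append({"source": src, "start": ts, "end": ts,
                         "communities": [], "attempts": 0})
        run = runs[-1]
        run["end"] = ts
        run["attempts"] += attempts
        if community not in run["communities"]:
            run["communities"].append(community)
    return [r for runs in bursts.values() for r in runs
            if len(r["communities"]) >= min_distinct]

# Constructed sample (documentation addresses), newest entry first.
SAMPLE = """\
05/01/2002 10:00.40 WARN:SNMP last message repeated 2 times
05/01/2002 10:00.30 WARN:SNMP SNMP request received from 192.0.2.10 with unknown community "ILMI"
05/01/2002 10:00.20 WARN:SNMP SNMP request received from 192.0.2.10 with unknown community "private"
05/01/2002 10:00.20 WARN:SNMP last message repeated 2 times
05/01/2002 10:00.10 WARN:SNMP SNMP request received from 192.0.2.10 with unknown community "public"
05/01/2002 06:15.00 WARN:SNMP SNMP request received from 198.51.100.7 with unknown community "public"
""".splitlines()

for s in find_sweeps(parse(SAMPLE)):
    print(s["source"], s["start"], s["communities"], s["attempts"])
```

A single stray request with one unknown community (the second source in the sample) stays below the threshold, while a source cycling through several names within the gap window is reported once per burst.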