Hi all, Has anyone else been seeing mail1.walkerwireless.com attempting to break in to their border routers? Picked this up on a routine log audit. Although we actively block and log this sort of activity, others may not be aware of it. Of particular concern is the attempted use of the ILMI exploit, detailed at http://www.kb.cert.org/vuls/id/976280 which has no legitimate reason to be seen. Attacking machine is running Checkpoint FW-1 mail server! Cheers, Gordon Smith CCNA Network Operations Manager MoreNet Ltd. Fingerprint: 4093 91BC 0055 46B9 1B1A EDBA 45AD 2381 7B1D E4BE Log extract (multiple occurrances of this): 04/23/2002 15:38.24 WARN:SNMP last message repeated 2 times 04/23/2002 15:38.14 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "ILMI" 04/23/2002 15:38.14 WARN:SNMP last message repeated 2 times 04/23/2002 15:38.02 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "DHdW7tr5nP" 04/23/2002 15:38.02 WARN:SNMP last message repeated 2 times 04/23/2002 15:37.52 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "P8nD8l1n7" 04/23/2002 15:37.52 WARN:SNMP last message repeated 2 times 04/23/2002 15:37.44 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "wd1h2dt2d" 04/23/2002 15:37.44 WARN:SNMP last message repeated 2 times 04/23/2002 15:37.34 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "private" 04/23/2002 15:37.34 WARN:SNMP last message repeated 2 times 04/23/2002 15:37.24 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "public" 04/23/2002 11:37.42 WARN:SNMP last message repeated 2 times 04/23/2002 11:37.32 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "ILMI" 04/23/2002 11:37.32 WARN:SNMP last message repeated 2 times 04/23/2002 11:37.18 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "DHdW7tr5nP" 04/23/2002 11:37.18 WARN:SNMP last message repeated 2 times 04/23/2002 11:37.10 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "P8nD8l1n7" - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog