FW: Walker Wireless attacking other ISPs?
Hi all,

Has anyone else been seeing mail1.walkerwireless.com attempting to break in to their border routers? Picked this up on a routine log audit.

Although we actively block and log this sort of activity, others may not be aware of it.

Of particular concern is the attempted use of the ILMI exploit, detailed at http://www.kb.cert.org/vuls/id/976280 which has no legitimate reason to be seen.

Attacking machine is running Checkpoint FW-1 mail server!

Cheers,

Gordon Smith CCNA Network Operations Manager
MoreNet Ltd.

Fingerprint: 4093 91BC 0055 46B9 1B1A EDBA 45AD 2381 7B1D E4BE

Log extract (multiple occurrences of this):

04/23/2002 15:38.24 WARN:SNMP last message repeated 2 times
04/23/2002 15:38.14 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "ILMI"
04/23/2002 15:38.14 WARN:SNMP last message repeated 2 times
04/23/2002 15:38.02 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "DHdW7tr5nP"
04/23/2002 15:38.02 WARN:SNMP last message repeated 2 times
04/23/2002 15:37.52 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "P8nD8l1n7"
04/23/2002 15:37.52 WARN:SNMP last message repeated 2 times
04/23/2002 15:37.44 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "wd1h2dt2d"
04/23/2002 15:37.44 WARN:SNMP last message repeated 2 times
04/23/2002 15:37.34 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "private"
04/23/2002 15:37.34 WARN:SNMP last message repeated 2 times
04/23/2002 15:37.24 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "public"
04/23/2002 11:37.42 WARN:SNMP last message repeated 2 times
04/23/2002 11:37.32 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "ILMI"
04/23/2002 11:37.32 WARN:SNMP last message repeated 2 times
04/23/2002 11:37.18 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "DHdW7tr5nP"
04/23/2002 11:37.18 WARN:SNMP last message repeated 2 times
04/23/2002 11:37.10 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "P8nD8l1n7"

- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
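Detection logic for the pattern in the log extract above, as an added example that is not part of the original thread: it folds the "last message repeated" lines into the request they follow, groups each source's failures into bursts, and flags bursts that try several community names or the ILMI name. The function names, the five-minute gap, the three-name threshold and the sample log are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the log extract above (newest entry
# first); 192.0.2.x are documentation addresses, not hosts from the thread.
SAMPLE_LOG = """\
04/23/2002 15:38.24 WARN:SNMP last message repeated 2 times
04/23/2002 15:38.14 WARN:SNMP SNMP request received from 192.0.2.10 with unknown community "ILMI"
04/23/2002 15:37.34 WARN:SNMP SNMP request received from 192.0.2.10 with unknown community "private"
04/23/2002 15:37.34 WARN:SNMP last message repeated 2 times
04/23/2002 15:37.24 WARN:SNMP SNMP request received from 192.0.2.10 with unknown community "public"
04/23/2002 13:02.10 WARN:SNMP SNMP request received from 192.0.2.77 with unknown community "public"
04/23/2002 11:37.42 WARN:SNMP last message repeated 2 times
04/23/2002 11:37.32 WARN:SNMP SNMP request received from 192.0.2.10 with unknown community "ILMI"
"""

REQ = re.compile(r'^(\d\d/\d\d/\d{4} \d\d:\d\d\.\d\d) WARN:SNMP SNMP request '
                 r'received from (\S+) with unknown community "([^"]*)"$')
REP = re.compile(r'^\S+ \S+ WARN:SNMP last message repeated (\d+) times$')

def parse(log_text):
    """Return chronological [time, source, community, request_count] events."""
    events = []
    for line in reversed(log_text.strip().splitlines()):  # oldest entry first
        m = REQ.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M.%S")
            events.append([ts, m.group(2), m.group(3), 1])
        elif events and (r := REP.match(line.strip())):
            events[-1][3] += int(r.group(1))  # repeats belong to the prior request
    return events

def find_sweeps(events, gap=timedelta(minutes=5), min_names=3):
    """Split each source's failures into bursts; flag many-name or ILMI bursts."""
    bursts = defaultdict(list)
    for ts, src, name, count in events:
        if not bursts[src] or ts - bursts[src][-1]["last"] > gap:
            bursts[src].append({"source": src, "first": ts, "names": [], "requests": 0})
        run = bursts[src][-1]
        run["last"], run["requests"] = ts, run["requests"] + count
        if name not in run["names"]:
            run["names"].append(name)
    return [r for runs in bursts.values() for r in runs
            if len(r["names"]) >= min_names or "ILMI" in r["names"]]
```

A single mistyped community from one host (192.0.2.77 in the sample) stays below both conditions and is not reported.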
I REALLY hope that you made Walker Wireless aware of this before you posted it to the whole list.

Dean

On Fri, 2002-05-03 at 16:08, Gordon Smith wrote:
Hi all,
Has anyone else been seeing mail1.walkerwireless.com attempting to break in to their border routers? Picked this up on a routine log audit.
Although we actively block and log this sort of activity, others may not be aware of it.
Of particular concern is the attempted use of the ILMI exploit, detailed at http://www.kb.cert.org/vuls/id/976280 which has no legitimate reason to be seen.
Attacking machine is running Checkpoint FW-1 mail server!
Cheers,
Gordon Smith CCNA Network Operations Manager
MoreNet Ltd.
Fingerprint: 4093 91BC 0055 46B9 1B1A EDBA 45AD 2381 7B1D E4BE
Log extract (multiple occurrences of this):

04/23/2002 15:38.24 WARN:SNMP last message repeated 2 times
04/23/2002 15:38.14 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "ILMI"
04/23/2002 15:38.14 WARN:SNMP last message repeated 2 times
04/23/2002 15:38.02 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "DHdW7tr5nP"
04/23/2002 15:38.02 WARN:SNMP last message repeated 2 times
04/23/2002 15:37.52 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "P8nD8l1n7"
04/23/2002 15:37.52 WARN:SNMP last message repeated 2 times
04/23/2002 15:37.44 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "wd1h2dt2d"
04/23/2002 15:37.44 WARN:SNMP last message repeated 2 times
04/23/2002 15:37.34 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "private"
04/23/2002 15:37.34 WARN:SNMP last message repeated 2 times
04/23/2002 15:37.24 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "public"
04/23/2002 11:37.42 WARN:SNMP last message repeated 2 times
04/23/2002 11:37.32 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "ILMI"
04/23/2002 11:37.32 WARN:SNMP last message repeated 2 times
04/23/2002 11:37.18 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "DHdW7tr5nP"
04/23/2002 11:37.18 WARN:SNMP last message repeated 2 times
04/23/2002 11:37.10 WARN:SNMP SNMP request received from 210.54.139.178 with unknown community "P8nD8l1n7"
On 3 May 2002, Dean Pemberton wrote:
I REALLY hope that you made Walker Wireless aware of this before you posted it to the whole list.
That would've spoilt the ensuing flame war though, wouldn't it?

-- Juha Saarinen