On a very slow Sunday in JanuaryI noticed that port 161 (designated as SNMP)is still alive and kicking, however the port 161DShield reporttrend sawdownward movementtwo weeks ago, and now we are right back at it with the same intensity. Previously it was discussed here that D-Link routers are at play, so Id like to grab a few packets to confirm that we are still seeing the continuance of known attacks, or if we have something else driving the Port 161 numbers up so high. If anybody has any questionableport 161 traffic they could capture and upload, Id love to review and report on what we are seeing.
tony d0t carothers --gmail
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.