At this point, we do not see a significant increase in SNMP scanning traffic. None of the SNMP sources reported lately scanned more than one target, which usually indicates either a mistake (someone entered the wrong IP into their network admin . . .
At this point, we do not see a significant increase in SNMP scanning traffic. None of the SNMP sources reported lately scanned more than one target, which usually indicates either a mistake (someone entered the wrong IP into their network admin tool) or a false positive (someone is rejecting legitamate SNMP traffic).

Update (2/13/2002): For port 162 (snmptrap), we see a small but significant increase in traffic as a percentage of all reports (see Port 162 reports. Unlike snmp request messages, which are frequently used for general recognizance/enumeration, snmptrap does not solicit a response. As a result, pre-exploit traffic for snmptraps was low.

The link for this article located at DShield is no longer available.