
Curious SNMP Traffic Spike, (Thu, Sep 8th)

It could be nothing. It could be something.

The ISC HoneyPot

12:08:27.874575 IP x.x.x.x.12458 y.y.y.y.161:GetRequest(28).1.3.6.1.2.1.1.1.0
12:09:10.952260 IP z.z.z.z.12458 a.a.a.a.161:GetRequest(28).1.3.6.1.2.1.1.1.0
12:09:52.802179 IP b.b.b.b.12458 c.c.c.c.161:GetRequest(28).1.3.6.1.2.1.1.1.0


So I did some poking around, read some articles [1] and found some similarities, etc. No real testing per se yet. Then after yesterday's data was collected, the ISC port data showed a curious correlation. So I am turning to our readers. Can any of you offer any corroborating data or anecdotes? The pic [3] below shows a triple in sources on Aug 11 near the time when some of the recent Cisco vulnerabilities became well known. [2] Then a similar spike yesterday. The numbers do not entirely warrant a deep dive, however, knowing about the events surrounding














[1] http://blog.level3.com/security/shadow-brokers-hit-light-of-day/
[2] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp
[3] https://isc.sans.edu/port.html?port=161

Please leave a comment if you see anything that correlates in your travels.

-Kevin

--
ISC Handler on Duty
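
For readers who want to check their own captures for the pattern in the honeypot lines above (different sources, the same source port, a GetRequest for 1.3.6.1.2.1.1.1.0, which is sysDescr.0), here is an added example that is not part of the original diary. It assumes `tcpdump -n` text output; the sample lines, the documentation-range addresses, the community string and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

SYS_DESCR = "1.3.6.1.2.1.1.1.0"  # sysDescr.0, the OID requested in the diary's lines

# Assumed `tcpdump -n` line layout. The " > " separator and the community
# field are optional because the lines quoted in the diary lack them.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s*>?\s*"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.161:\s*"
    r".*?GetRequest\(\d+\)\s*\.?(?P<oid>\d+(?:\.\d+)+)"
)

def shared_source_ports(lines, min_sources=3):
    """Map (source port, OID) -> sorted source IPs, for pairs used by at
    least min_sources distinct hosts. Ordinary clients pick varying
    ephemeral ports, so many hosts sharing one port suggests common tooling."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an SNMP GetRequest to udp/161
        seen[(int(m["sport"]), m["oid"])].add(m["src"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_sources}

# Constructed sample capture (RFC 5737 documentation addresses).
SAMPLE = """\
12:08:27.874575 IP 192.0.2.10.12458 > 198.51.100.7.161:  C="public" GetRequest(28)  .1.3.6.1.2.1.1.1.0
12:09:10.952260 IP 203.0.113.44.12458 > 198.51.100.8.161:  C="public" GetRequest(28)  .1.3.6.1.2.1.1.1.0
12:09:52.802179 IP 192.0.2.99.12458 198.51.100.9.161:GetRequest(28).1.3.6.1.2.1.1.1.0
12:10:03.101010 IP 192.0.2.50.51234 > 198.51.100.7.161:  C="public" GetRequest(28)  .1.3.6.1.2.1.1.1.0
12:10:04.000001 IP 192.0.2.50.51235 > 198.51.100.7.53: 4242+ A? example.com. (29)
""".splitlines()

if __name__ == "__main__":
    for (sport, oid), sources in shared_source_ports(SAMPLE).items():
        print(f"source port {sport}, OID {oid}: {len(sources)} sources {sources}")
```
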

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
