Reply to post: SNMP

Mikrotik routers pwned en masse, send network data to mysterious box

JohnG

SNMP

"....the controller oddly seems to be interested in collecting traffic from the relatively obscure SNMP ports 161 and 162."

One possibility is that there is some other exploit in the wild, that transfers information using SNMP, on the basis that SNMP packets to and from almost any device would not be considered out of the ordinary and would be unlikely to trigger an IDS/IPS.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon