SNMP/TCP probes from


during the last couple of days, i noticed probes from some hosts that
present themselves as probe hosts, including but not
limited to, the following IP addresses:

* /
* /
* /
* /

The systems present the following information via http:
> This system is coordinating an internet-wide survey of open TCP
> ports, service banners, SNMP system descriptions, and NetBIOS name
> queries. The results of this survey will be used to uncover
> systematic vulnerabilities in the equipment provided by ISPs to their
> customers.

Have you noticed these probes and what are your thoughts on them?


This is HD Moore's latest experiment. It is annoying for sure but
well .. he's doing it for research, and you can either acl off his
probes or email him and he'll exempt your ASN from whatever scanning
he is doing.