Hello, welcome to the Friday, September 9th, 2016 edition of the Sands and at Storm Center's Stormcast. My name is Johannes Ulrich and I am recording from Jacksonville, Florida.

You do see occasional spikes in our data of attacks against SNMP servers. Now, SNMP, or simple network management protocol is supported by a lot of

routers and network equipment like that. It has been used in the past sometimes as a reflector

for denial of service attacks, but of course has also gained new prominence with some of the NSA

Cisco exploits that were released recently, some of

which relied on SNMP.

A lot of what I'm seeing appears to be just the recon, where they're looking for version

strings and uptimes and the like, but haven't had much luck yet with the Honeypot to emulate

some of these vulnerable routers. So if you have any packets in particular packets going to actual

routers, so where we see the request and the reply, please let us know it would be nice to look into some of this traffic

in more detail.

In general, of course, I don't recommend that you expose your network equipment to the

outside internet, but then again, if you have a spare router or a switch or something

like this that you can expose,

it would be nice to set it up sort of in a honeypot capacity.

And if you got these P-Caps and looking for a create tool to analyze it,

Vyarshark, of course, is the way to go.

And Wyrshark released a new significant version 2.2.

This is not just a bug fix release, even though it does fix a couple of bucks,

but it's really mostly a new feature release.

Lots of new decoders in there.

Also support for JSON export for your packet captures and a bunch of other little features like that.

...