So far no one has told me they've been hit. And to follow up, because self-reporting isn't that accurate, I have not seen any operational impact due to someone exploiting, or attempting to exploit SNMP. So far most of the problems I've tracked down in the last 72 hours have been due to unrelated problems or network operators rushing to patch or block SNMP. According to notes sent/forwarded to me, several network operators have blocked SNMP ports in their hosting facilities either permanently or for a few days while folks figure out what to do. I have not seen any gaps in most MRTG data (which uses SNMP) graphs displayed on providers web sites. The Ripe, Telstra, Keynote, Matrix, etc global network data graphs don't appear out of the ordinary. On Thu, 14 Feb 2002, Frank B. Scalzo wrote:
Has anyone seen any discernable operational impact from CA-2002-03? Things like: increase in SNMP probes, increase in bgp churn due to outside networks being affected, customer complaints, increase in number of customer flaps, anyone willing to admit to being directly impacted, anyone willing to admit surviving an attempt, does anyone have any evidence of an actual exploit, any evidence that people wearing the wrong color hats are using this or trying to?