Snort mailing list archives
Re: SNMP Rule to detect current threat?
From: "Andrew R. Baker" <andrewb () snort org>
Date: Thu, 14 Feb 2002 14:48:27 -0800
Rich Adamson wrote:
Also, the destination port will be 161 (not 162) with a souce port of any (cannot assume > 1024).
Both snmptrapd and the snmp agents appear to be vulnerable, hence the reason to watch for attacks to both port 161 (snmp) and 162 (snmptrap) _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SNMP Rule to detect current threat? Chip Kelly (Feb 14)
- Re: SNMP Rule to detect current threat? Blake Frantz (Feb 14)
- Re: SNMP Rule to detect current threat? Andrew R. Baker (Feb 14)
- Re: SNMP Rule to detect current threat? Rich Adamson (Feb 14)
- Re: SNMP Rule to detect current threat? Andrew R. Baker (Feb 14)
- Re: SNMP Rule to detect current threat? Rich Adamson (Feb 14)