Snort mailing list archives

Re: SNMP Rule to detect current threat?

From: "Andrew R. Baker" <andrewb () snort org>
Date: Thu, 14 Feb 2002 14:48:27 -0800

Rich Adamson wrote:


Also, the destination port will be 161 (not 162) with a souce port of any
(cannot assume > 1024).

 
Both snmptrapd and the snmp agents appear to be vulnerable, hence the
reason to watch for attacks to both port 161 (snmp) and 162 (snmptrap)

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

SNMP Rule to detect current threat? Chip Kelly (Feb 14)
- Re: SNMP Rule to detect current threat? Blake Frantz (Feb 14)
- Re: SNMP Rule to detect current threat? Andrew R. Baker (Feb 14)
  - Re: SNMP Rule to detect current threat? Rich Adamson (Feb 14)
    - Re: SNMP Rule to detect current threat? Andrew R. Baker (Feb 14)