Snort mailing list archives
Re: Snort-1.8.7 + snmp support
From: Chris Green <cmg () sourcefire com>
Date: Fri, 26 Jul 2002 14:46:50 -0400
"Schlottmann, Philipp, HO" <Philipp.Schlottmann () de bertrandt com> writes:
> Hi. I configured snort with mysql database output and snmp trap sending support. I only once force an event being triggered by using "nmap -sS someIP" and snort does produce an enormous neverending amount of SNMP traps (UDP). I checked it with tcpdump and grep'ed the community string. The SNMP traps themselves being again recognized by snort cause kind of an endless loop! My ACID console with underlying mysql snort db gets performance problems and so on. How come snort produces SNMP traps all the time just because of one triggered signature...and it never ends up with that?
Basically, it's a problem of not using an out-of-band management network. Short fix: add this to your snort command line:

    not \( src 192.168.1.1 and udp and dst port 162 \)

where 192.168.1.1 is the IP address of your sensor.
> How can I fix this? Is there a way to tell snort not to recognize the snmp traps it produced itself or to produce less traps or at least end up within some time? Thanx a lot!
> Philipp Schlottmann
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven. http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Chris Green <cmg () sourcefire com>
"Not everyone holds these truths to be self-evident, so we've worked up a proof of them as Appendix A." -- Paul Prescod
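
Added illustration, not part of the original thread and not Snort code: a small Python model of the alert/trap feedback loop described above, run once without and once with the capture filter from the reply. The trap receiver address, the rule_matches() stand-in for the rule set, and the max_packets cap are assumptions made for the example.

```python
from collections import deque, namedtuple

# Constructed packet model: only the fields the filter in the reply looks at.
Packet = namedtuple("Packet", "src dst proto dport note")

SENSOR = "192.168.1.1"      # sensor address used in the reply
TRAP_SINK = "192.168.1.50"  # assumed address of the SNMP trap receiver

def own_trap_filter(pkt):
    """not (src SENSOR and udp and dst port 162): True means Snort sees the packet."""
    return not (pkt.src == SENSOR and pkt.proto == "udp" and pkt.dport == 162)

def rule_matches(pkt):
    """Stand-in for the rule set: the scan probe and any SNMP trap raise an alert."""
    return pkt.note == "syn-scan" or (pkt.proto == "udp" and pkt.dport == 162)

def run_sensor(wire, capture_filter=None, max_packets=1000):
    """Process packets; every alert puts one trap from the sensor back on the wire.

    Returns (alerts raised, traps still pending when processing stopped).
    """
    queue, alerts, seen = deque(wire), 0, 0
    while queue and seen < max_packets:
        pkt = queue.popleft()
        seen += 1
        if capture_filter and not capture_filter(pkt):
            continue  # excluded by the capture filter, never reaches detection
        if rule_matches(pkt):
            alerts += 1
            queue.append(Packet(SENSOR, TRAP_SINK, "udp", 162, "trap"))
    return alerts, len(queue)

# Constructed input: a single scan probe, as in the nmap -sS test from the question.
SCAN = [Packet("10.0.0.7", "192.168.1.20", "tcp", 80, "syn-scan")]
# Constructed input: a trap sent by some other device on the monitored network.
FOREIGN_TRAP = [Packet("10.0.0.9", TRAP_SINK, "udp", 162, "trap")]

if __name__ == "__main__":
    print("no filter:   ", run_sensor(SCAN))                   # stops only at the cap
    print("with filter: ", run_sensor(SCAN, own_trap_filter))  # one alert, loop ends
    print("foreign trap:", run_sensor(FOREIGN_TRAP, own_trap_filter))
```

The filter only hides traps whose source is the sensor itself, so traps from other hosts to port 162 are still inspected.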