Snort mailing list archives

RE: SNMP request UDP flood


From: twig les <twigles () yahoo com>
Date: Wed, 13 Nov 2002 10:48:44 -0800 (PST)

Or just do what I do... comment out loud rules that
aren't security problems in your environment, then
bounce Snort.


--- "Knight, Ric" <RKnight () TUC ca> wrote:
The SNMP rules alert for $EXTERNAL_NET to $HOME_NET; if the devices
generating the SNMP traffic to your OpenView are defined as part of
$HOME_NET, the alerts will go away...

-Ric 

-----Original Message-----
From: Sherry Sun [mailto:suns () oak cats ohiou edu]
Sent: November 13, 2002 9:30 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] SNMP request UDP flood


I just installed Snort 1.9.0 on Linux, and have been monitoring it for a few
days.
Turns out 99% of the alerts are the same alert coming from our HP OpenView
box.
They are choking my database, and still keep coming in.

I have copied the alert below:

[Classification: Attempted Information Leak] [Priority: 2]
11/07-11:08:29.672350 132.235.8.77:36244 -> 132.235.8.0:161
UDP TTL:1 TOS:0x0 ID:35998 IpLen:20 DgmLen:103 DF
Len: 83
[Xref => cve CAN-2002-0013][Xref => cve CAN-2002-0012]

[**] [1:1417:2] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/07-11:08:29.686665 132.235.8.77:36244 -> 132.235.8.0:161
UDP TTL:1 TOS:0x0 ID:35999 IpLen:20 DgmLen:87 DF
Len: 67


Can anyone tell me how I can make Snort stop
generating this alert?

Thank you.


Sherry Sun
suns () ohio edu




=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself                       
-----------------------------------------------------------



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
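
Added example (not part of the original thread and not Snort's own code): a small Python model of the rule header Ric describes, evaluated against the packet from the quoted alert. The /24 mask, the variable sets and the helper names are assumptions; it shows that putting the OpenView box in $HOME_NET quiets the rule only when $EXTERNAL_NET is defined as !$HOME_NET.

```python
import ipaddress

def resolve(value, variables):
    """Resolve a snort.conf-style address value to (negated, network or None).
    Handles only 'any', one CIDR block, a '$VAR' reference and a leading '!'."""
    negated = False
    while True:
        value = value.strip()
        if value.startswith("!"):
            negated, value = not negated, value[1:]
        elif value.startswith("$"):
            value = variables[value[1:]]
        else:
            break
    network = None if value == "any" else ipaddress.ip_network(value)
    return negated, network

def matches(ip, value, variables):
    negated, network = resolve(value, variables)
    inside = network is None or ipaddress.ip_address(ip) in network
    return inside != negated

def snmp_rule_fires(src, dst, dport, variables):
    """Header as described in the thread: $EXTERNAL_NET any -> $HOME_NET 161."""
    return (dport == 161
            and matches(src, "$EXTERNAL_NET", variables)
            and matches(dst, "$HOME_NET", variables))

# Packet taken from the alert quoted in the thread.
SRC, DST, DPORT = "132.235.8.77", "132.235.8.0", 161

# Constructed variable sets; the /24 mask is an assumption.
CONFIGS = {
    "both any": {"HOME_NET": "any", "EXTERNAL_NET": "any"},
    "HOME_NET set, EXTERNAL_NET any":
        {"HOME_NET": "132.235.8.0/24", "EXTERNAL_NET": "any"},
    "HOME_NET set, EXTERNAL_NET !$HOME_NET":
        {"HOME_NET": "132.235.8.0/24", "EXTERNAL_NET": "!$HOME_NET"},
}

def evaluate(src=SRC):
    """Return {config name: True if the rule would alert on src -> DST:161}."""
    return {name: snmp_rule_fires(src, DST, DPORT, v)
            for name, v in CONFIGS.items()}

if __name__ == "__main__":
    for name, fires in evaluate().items():
        print(f"{name:40} -> {'ALERT' if fires else 'quiet'}")
```

With the third variable set the OpenView polling no longer matches, while an SNMP request from an address outside the /24 still does.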

