Snort mailing list archives
RE: SNMP request UDP flood
From: twig les <twigles () yahoo com>
Date: Wed, 13 Nov 2002 10:48:44 -0800 (PST)
Or just do what I do... comment out loud rules that aren't security problems in your environment, then bounce snort.

--- "Knight, Ric" <RKnight () TUC ca> wrote:

The SNMP rules alert for $EXTERNAL_NET to $HOME_NET; if the devices generating the SNMP traffic to your OpenView are defined as part of $HOME_NET, the alerts will go away...

-Ric

-----Original Message-----
From: Sherry Sun [mailto:suns () oak cats ohiou edu]
Sent: November 13, 2002 9:30 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] SNMP request UDP flood

I just installed Snort 1.9.0 on Linux, and have been monitoring it for a few days. Turns out 99% of the alerts are the same alert coming from our HPopenview box. They are choking my database, and still keep coming in. I have copied the alert below:

[Classification: Attempted Information Leak] [Priority: 2]
11/07-11:08:29.672350 132.235.8.77:36244 -> 132.235.8.0:161
UDP TTL:1 TOS:0x0 ID:35998 IpLen:20 DgmLen:103 DF
Len: 83
[Xref => cve CAN-2002-0013][Xref => cve CAN-2002-0012]

[**] [1:1417:2] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/07-11:08:29.686665 132.235.8.77:36244 -> 132.235.8.0:161
UDP TTL:1 TOS:0x0 ID:35999 IpLen:20 DgmLen:87 DF
Len: 67

Can anyone tell me how I can make Snort stop generating this alert?

Thank you.

Sherry Sun
suns () ohio edu
-------------------------------------------------------
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

=====
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself
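
Added example (not part of the original thread, and not Snort's own code): a Python check of the rule header `alert udp $EXTERNAL_NET any -> $HOME_NET 161` against the packet in the quoted alert, under different variable settings. The rule header is inferred from the alert and Ric's description; the 132.235.0.0/16 and 132.235.8.0/26 ranges and all function names are assumptions made for illustration. It shows that the alert stops only when the OpenView source is inside $HOME_NET and $EXTERNAL_NET is defined as !$HOME_NET.

```python
import ipaddress

# Packet from the alert quoted in the thread.
SRC, DST, DPORT = "132.235.8.77", "132.235.8.0", 161


def in_var(ip, spec):
    """True if ip matches a Snort-style address variable:
    'any', a CIDR block, a [a,b] list, or any of these negated with '!'."""
    spec = spec.strip()
    if spec.startswith("!"):
        return not in_var(ip, spec[1:])
    if spec == "any":
        return True
    addr = ipaddress.ip_address(ip)
    nets = spec.strip("[]").split(",")
    return any(addr in ipaddress.ip_network(n.strip(), strict=False) for n in nets)


def snmp_rule_fires(src, dst, dport, home_net, external_net):
    """Evaluate only the rule header: $EXTERNAL_NET any -> $HOME_NET 161."""
    external_net = external_net.replace("$HOME_NET", home_net)
    return dport == 161 and in_var(src, external_net) and in_var(dst, home_net)


def evaluate():
    # Constructed variable settings (assumptions, not taken from the thread).
    settings = {
        "any / any": ("any", "any"),
        "site / any": ("132.235.0.0/16", "any"),
        "site / !$HOME_NET": ("132.235.0.0/16", "!$HOME_NET"),
        # HOME_NET too narrow to include the OpenView box at .77
        "narrow / !$HOME_NET": ("132.235.8.0/26", "!$HOME_NET"),
    }
    return {
        name: snmp_rule_fires(SRC, DST, DPORT, home, ext)
        for name, (home, ext) in settings.items()
    }


if __name__ == "__main__":
    for name, fires in evaluate().items():
        print(f"HOME_NET / EXTERNAL_NET = {name:22} alert fires: {fires}")
```
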
Current thread:
- SNMP request UDP flood Sherry Sun (Nov 13)
- <Possible follow-ups>
- RE: SNMP request UDP flood Knight, Ric (Nov 13)
- RE: SNMP request UDP flood twig les (Nov 13)