Snort mailing list archives

Re: HP Printers - SNMP Public Access udp


From: Mark.Schutzmann () Omron com
Date: Tue, 18 Nov 2003 12:53:20 -0600


Bob,

This is normal traffic on a network that has a lot of HP Printers, because
the client's driver uses SNMP to determine the printer's extended status.
Usually the default SNMP password on these printers is Public and on some
non-HP printers it cannot be changed. I've actually written a rule to
detect new (rogue) printers when they come online. I did this by allowing
known corporate printers that are all within a certain IP range to have a
pass rule.

Regards,
Mark


                                                                                                                        
                          
bdushok () luzerne edu
Sent by: snort-users-admin () lists sourceforge.net
11/18/2003 11:29 AM

To: snort-users () lists sourceforge net
cc:
Subject: [Snort-users] HP Printers - SNMP Public Access udp





I'm new to Snort and have been tweaking my configuration for the past
couple of weeks.  I've been noticing a LOT of "SNMP Public Access udp"
alerts being generated.  They appear to be caused by clients (appear to be
Win2K) connecting to HP Printers containing Jet Direct cards.  I was
considering writing pass rules to avoid these alerts, but am wondering if
that's a good idea.  Has anyone seen this sort of network activity?  Does
it indicate something configured incorrectly either on the client or with
the Jet Direct unit?

Any suggestions would be appreciated.

Thanks,
Bob
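
Added example, not part of either message above: the known-printer-range idea from the reply, applied as a post-processing step over Snort fast-format alerts instead of as pass rules on the sensor. The printer range, the addresses and the alert lines (including the placeholder `[1:0:0]` rule id) are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the address range that holds the known corporate printers.
KNOWN_PRINTERS = ipaddress.ip_network("10.1.50.0/24")

# Constructed sample in Snort "fast" alert format; [1:0:0] is a placeholder id.
SAMPLE_ALERTS = """\
11/18-11:29:01.100000  [**] [1:0:0] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.1.10.21:1035 -> 10.1.50.10:161
11/18-11:29:04.200000  [**] [1:0:0] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.1.10.22:1041 -> 10.1.50.11:161
11/18-11:30:15.300000  [**] [1:0:0] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.1.10.21:1036 -> 10.1.20.77:161
11/18-11:31:40.400000  [**] [1:0:0] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.1.10.30:1050 -> 10.1.20.77:161
11/18-11:32:02.500000  [**] [1:0:0] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.10.30 -> 10.1.50.10
"""

# Match only the SNMP public-access alert and capture client and target IPs.
ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:\d+:\d+\] SNMP public access udp \[\*\*\].*"
    r"\{UDP\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):161\s*$",
    re.IGNORECASE,
)


def triage(alert_text, known=KNOWN_PRINTERS):
    """Split SNMP public-access alerts into known-printer noise and unknown devices.

    Returns (suppressed_count, {unknown_dst_ip: set_of_client_ips}).
    """
    suppressed = 0
    unknown = {}
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # some other alert type; leave it to normal handling
        dst = ipaddress.ip_address(m["dst"])
        if dst in known:
            suppressed += 1  # expected driver status polling of a known printer
        else:
            unknown.setdefault(str(dst), set()).add(m["src"])
    return suppressed, unknown


if __name__ == "__main__":
    suppressed, unknown = triage(SAMPLE_ALERTS)
    print(f"suppressed (known printers): {suppressed}")
    for dst, clients in sorted(unknown.items()):
        print(f"review {dst}: polled with 'public' by {sorted(clients)}")
```
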





