Re: HP Printers - SNMP Public Access udp

["Jason" <snort-users () tcpipbitch net>]

> I'm new to Snort and have been tweaking my configuration for the past
> couple of weeks.  I've been noticing a LOT of "SNMP Public Access udp"
> alerts being generated.  They appear to be caused by clients (appear to be
> Win2K) connecting to HP Printers containing Jet Direct cards.  I was
> considering writing pass rules to avoid these alerts, but am wondering if
> that's a good idea.  Has anyone seen this sort of network activity?  Does
> it indicate something configured incorrectly either on the client or with
> the Jet Direct unit?

Its not only HP printers, but Xerox, canonn... in fact, almost any printer
that communicates with the workstations so to provide printer status info
(how much ink/toner, how full the paper trays are, if your printer
supports 2 sided printing and stapling etc) use snmp.  I get about 25000
snmp alerts a day due to the hundreds of printers in the org I work at.  I
have been individually ignoring printer IP's via bpf and suppression
rules.
> Any suggestions would be appreciated.
>
> Thanks,
> Bob



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users