Snort mailing list archives
Re: HP Printers - SNMP Public Access udp
From: "Jason" <snort-users () tcpipbitch net>
Date: Tue, 18 Nov 2003 13:49:35 -0500 (EST)
I'm new to Snort and have been tweaking my configuration for the past couple of weeks. I've been noticing a LOT of "SNMP Public Access udp" alerts being generated. They appear to be caused by clients (appear to be Win2K) connecting to HP Printers containing Jet Direct cards. I was considering writing pass rules to avoid these alerts, but am wondering if that's a good idea. Has anyone seen this sort of network activity? Does it indicate something configured incorrectly either on the client or with the Jet Direct unit?
Its not only HP printers, but Xerox, canonn... in fact, almost any printer that communicates with the workstations so to provide printer status info (how much ink/toner, how full the paper trays are, if your printer supports 2 sided printing and stapling etc) use snmp. I get about 25000 snmp alerts a day due to the hundreds of printers in the org I work at. I have been individually ignoring printer IP's via bpf and suppression rules.
Any suggestions would be appreciated. Thanks, Bob
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- HP Printers - SNMP Public Access udp bdushok (Nov 18)
- Message not available
- Re: HP Printers - SNMP Public Access udp Jason (Nov 18)
- Message not available
- <Possible follow-ups>
- Re: HP Printers - SNMP Public Access udp Mark . Schutzmann (Nov 18)