Snort mailing list archives

SNMP request UDP flood


From: "Sherry Sun" <suns () oak cats ohiou edu>
Date: Wed, 13 Nov 2002 09:29:37 -0500

I just installed Snort 1.9.0 on Linux, and have been monitoring it for a
few days.
Turns out 99% of the alerts are the same alert coming from our
HP OpenView box.
They are choking my database, and still keep coming in.
 
I have copied the alert below:
 
[Classification: Attempted Information Leak] [Priority: 2] 
11/07-11:08:29.672350 132.235.8.77:36244 -> 132.235.8.0:161
UDP TTL:1 TOS:0x0 ID:35998 IpLen:20 DgmLen:103 DF
Len: 83
[Xref => cve CAN-2002-0013][Xref => cve CAN-2002-0012]
[**] [1:1417:2] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/07-11:08:29.686665 132.235.8.77:36244 -> 132.235.8.0:161
UDP TTL:1 TOS:0x0 ID:35999 IpLen:20 DgmLen:87 DF
Len: 67

 
Can anyone tell me how I can make Snort stop generating this alert?
 
Thank you.
 
 
Sherry Sun
suns () ohio edu
