Snort mailing list archives
SNMP request UDP flood
From: "Sherry Sun" <suns () oak cats ohiou edu>
Date: Wed, 13 Nov 2002 09:29:37 -0500
I just installed Snort 1.9.0 on Linux, and have been monitoring it for a few days. Turns out 99% of the alerts are the same alert coming from our HPopenview box, They are choking my database, and still keep coming in. I have copied the alert below: [Classification: Attempted Information Leak] [Priority: 2] 11/07-11:08:29.672350 132.235.8.77:36244 -> 132.235.8.0:161 UDP TTL:1 TOS:0x0 ID:35998 IpLen:20 DgmLen:103 DF Len: 83 [Xref => cve CAN-2002-0013][Xref => cve CAN-2002-0012] [**] [1:1417:2] SNMP request udp [**] [Classification: Attempted Information Leak] [Priority: 2] 11/07-11:08:29.686665 132.235.8.77:36244 -> 132.235.8.0:161 UDP TTL:1 TOS:0x0 ID:35999 IpLen:20 DgmLen:87 DF Len: 67 Can anyone tell me how can I make Snort stop generating this alert? Thank you. Sherry Sun suns () ohio edu
Current thread:
- SNMP request UDP flood Sherry Sun (Nov 13)
- <Possible follow-ups>
- RE: SNMP request UDP flood Knight, Ric (Nov 13)
- RE: SNMP request UDP flood twig les (Nov 13)