Snort mailing list archives
Re: SNMP bug for SNORT v 1.9 ???
From: Erek Adams <erek () snort org>
Date: Fri, 24 Jan 2003 09:19:36 -0500 (EST)
On Fri, 24 Jan 2003, Doan Nguyen wrote:
My original purpose was to have SNORT send traps to my network manager for any rules that SNORT detects. The problem here is that I think SNORT is supposed to send only 1 trap per incident; instead it is continuously sending the same traps for that 1 incident, which I do not think is correct.
Two things:

* Snort sends an alert for each and every packet that causes an alert. If Snort sees 10,000,000 packets that match a rule, you get 10,000,000 alerts. Since you're sending SNMP traps on each alert, you'll get 10,000,000 traps.
* What alert are you getting? You might actually be causing an 'endless loop' with the alerts. If the rule has its trigger value in the alert that gets sent in cleartext, unless you're taking precautions you'll get that rule to trigger on the alert, and then to trigger on that alert, and so on... I think that's what twig was pointing to.

Cheers!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson
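An added example, not part of the original post and not Snort code: a forwarder that sits between the alert stream and the trap sender, collapses per-packet alerts into one notification per incident, and drops alerts raised on the sensor's own cleartext traps so the loop described above cannot start. The addresses, the `Alert` record, the 60-second window and all function names are assumptions, and the sample alerts are constructed.

```python
from collections import namedtuple

# Constructed record: the fields a forwarder would pull out of each Snort alert.
Alert = namedtuple("Alert", "ts sid src dst dport")

SENSOR_IP = "192.0.2.10"    # assumed address of the Snort sensor
MANAGER_IP = "192.0.2.50"   # assumed address of the network manager
TRAP_PORT = 162             # standard SNMP trap port (UDP)
WINDOW = 60.0               # assumed quiet period (seconds) that ends an incident


def is_own_trap(alert):
    """True if the alerting packet is one of the sensor's own traps."""
    return (alert.src == SENSOR_IP and alert.dst == MANAGER_IP
            and alert.dport == TRAP_PORT)


def collapse(alerts, window=WINDOW):
    """Return one (first_alert, packet_count) pair per incident.

    An incident is a run of alerts with the same rule, source and
    destination in which no gap between alerts exceeds `window`.
    """
    incidents = []   # each entry: [first_alert, count, last_ts]
    latest = {}      # (sid, src, dst) -> index of the newest incident
    for a in sorted(alerts, key=lambda x: x.ts):
        if is_own_trap(a):
            continue  # never re-alert on our own trap traffic
        key = (a.sid, a.src, a.dst)
        idx = latest.get(key)
        if idx is not None and a.ts - incidents[idx][2] <= window:
            incidents[idx][1] += 1
            incidents[idx][2] = a.ts
        else:
            latest[key] = len(incidents)
            incidents.append([a, 1, a.ts])
    return [(first, count) for first, count, _ in incidents]


# Constructed sample: three packets of one incident, one alert raised on the
# sensor's own trap, then the same rule firing again after a long quiet gap.
SAMPLE = [
    Alert(0.0, 1000001, "198.51.100.7", "192.0.2.20", 80),
    Alert(0.5, 1000001, "198.51.100.7", "192.0.2.20", 80),
    Alert(1.0, 1000001, SENSOR_IP, MANAGER_IP, TRAP_PORT),
    Alert(1.2, 1000001, "198.51.100.7", "192.0.2.20", 80),
    Alert(300.0, 1000001, "198.51.100.7", "192.0.2.20", 80),
]
```

Each pair returned by `collapse` corresponds to one trap to send, with the packet count available as a trap variable.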
Current thread:
- SNMP bug for SNORT v 1.9 ??? Doan Nguyen (Jan 23)
- Re: SNMP bug for SNORT v 1.9 ??? twig les (Jan 23)
- Re: SNMP bug for SNORT v 1.9 ??? Doan Nguyen (Jan 24)
- Re: SNMP bug for SNORT v 1.9 ??? Erek Adams (Jan 24)
- Re: SNMP bug for SNORT v 1.9 ??? twig les (Jan 24)
- Re: SNMP bug for SNORT v 1.9 ??? Doan Nguyen (Jan 24)
- Re: SNMP bug for SNORT v 1.9 ??? twig les (Jan 23)