
Signature 4513 false alarms

milan.kulik
Level 10

Hi,

I've just captured a correct SNMP packet (trap to port 162) which triggered a Cisco SNMP Message Processing DoS (4513) alarm.

My understanding was that only GET or SET packets sent to UDP 162 should trigger the alarm.

But this is a TRAP packet, i.e. correct network traffic!!!

Regards,

Milan

3 Replies

umedryk
Level 5

You can clearly define which port should trigger the alarm. You can exclude if you give a range...

Yes, but port 162 should trigger the alarm in the case there is a GET or SET sent to it!!!

It should NOT trigger an alarm when a TRAP is sent (which happens to me).

It seems like the RegexString is incorrect.

Regards,

Milan
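
The distinction discussed in this thread, traps versus GET/SET requests arriving on UDP 162, can be read from the PDU tag of an SNMPv1/v2c message. The following is an added example, not part of the original posts and not the signature's actual logic; the function names, the notification-tag allowlist and the sample packets are constructed for illustration.

```python
# Added example: SNMPv1/v2c only; SNMPv3 uses a different message layout.
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap-v1", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
# Assumption: a trap receiver on UDP 162 legitimately sees only these PDU types.
NOTIFICATION_TAGS = {0xA4, 0xA6, 0xA7}


def read_tlv(buf, pos, end):
    """Decode one BER TLV header at pos; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: low 7 bits = count of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("value runs past end of enclosing data")
    return tag, pos, pos + length


def classify_port_162(datagram):
    """Return (verdict, pdu_name) for a UDP payload addressed to port 162."""
    try:
        tag, pos, end = read_tlv(datagram, 0, len(datagram))
        if tag != 0x30:
            raise ValueError("outer element is not a SEQUENCE")
        tag, vstart, pos = read_tlv(datagram, pos, end)
        if tag != 0x02 or datagram[vstart:pos] not in (b"\x00", b"\x01"):
            raise ValueError("not SNMPv1/v2c")
        tag, _, pos = read_tlv(datagram, pos, end)
        if tag != 0x04:
            raise ValueError("community string missing")
        pdu_tag, _, _ = read_tlv(datagram, pos, end)
    except ValueError as exc:
        return "malformed", str(exc)
    name = PDU_NAMES.get(pdu_tag, "unknown-0x%02X" % pdu_tag)
    return ("expected" if pdu_tag in NOTIFICATION_TAGS else "unexpected"), name


def sample(version, pdu_tag):
    """Constructed minimal message: community 'public', request-id 1, empty varbind list."""
    body = (bytes([0x02, 0x01, version, 0x04, 0x06]) + b"public" +
            bytes([pdu_tag, 0x0B]) + bytes.fromhex("0201010201000201003000"))
    return bytes([0x30, len(body)]) + body
```

Running a captured payload that raised the alarm through `classify_port_162` shows whether it carried a notification PDU or a request PDU.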

I'm seeing the same thing... normal traps are triggering the signature.