04-22-2004 10:52 PM - edited 03-09-2019 07:09 AM
Hi,
I've just captured a correct SNMP packet (trap to port 162) which triggered a Cisco SNMP Message Processing DoS (4513) alarm.
My understanding was that only GET or SET packets sent to UDP 162 should trigger the alarm.
But this is a TRAP packet, i.e. correct network traffic!!!
Regards,
Milan
04-29-2004 06:15 AM
You can clearly define which port should trigger the alarm. You can exclude if you give a range...
04-29-2004 11:54 PM
Yes, but port 162 should trigger the alarm in the case there is a GET or SET sent to it!!!
It should NOT trigger an alarm when a TRAP is sent (which happens to me).
It seems like the RegexString is incorrect.
Regards,
Milan
04-30-2004 08:57 AM
I'm seeing the same thing... normal traps are triggering the signature.
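The distinction the posters draw (GET/SET arriving on UDP 162 versus an ordinary TRAP) can be checked by reading the PDU tag of an SNMPv1/v2c message. This is an added example, not part of the thread and not the logic of signature 4513; the function names, the inclusion of GetNext/GetBulk alongside GET and SET, and the sample packets are assumptions constructed for illustration.

```python
# Added example (not Cisco's signature logic): classify an SNMPv1/v2c PDU by its BER tag.
PDU_TAGS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
            0xA3: "SetRequest", 0xA4: "Trap-v1", 0xA5: "GetBulkRequest",
            0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
# Assumption: the thread names GET and SET; GetNext and GetBulk are treated the same way.
UNEXPECTED_ON_TRAP_PORT = {"GetRequest", "GetNextRequest", "GetBulkRequest", "SetRequest"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long-form length, 1..4 bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV length exceeds payload")
    return tag, pos, pos + length

def snmp_pdu_type(payload):
    """Walk SEQUENCE -> version INTEGER -> community OCTET STRING -> PDU tag."""
    tag, pos, end = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    msg = payload[:end]
    for expected in (0x02, 0x04):          # version, then community
        tag, _, pos = read_tlv(msg, pos)
        if tag != expected:
            raise ValueError("unexpected header field")
    tag, _, _ = read_tlv(msg, pos)         # PDU element; its length is validated too
    return PDU_TAGS.get(tag, "unknown(0x%02x)" % tag)

def alert_reason(payload, dst_port):
    """Return a reason string if the packet deserves attention, else None."""
    if dst_port != 162:
        return None
    try:
        kind = snmp_pdu_type(payload)
    except ValueError:
        return "unparsed payload (malformed or not SNMPv1/v2c)"
    return kind + " sent to trap port" if kind in UNEXPECTED_ON_TRAP_PORT else None

def sample_msg(pdu_tag):
    """Constructed sample: version 0, community 'public', empty PDU body."""
    body = b"\x02\x01\x00" + b"\x04\x06public" + bytes([pdu_tag, 0x00])
    return b"\x30" + bytes([len(body)]) + body
```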