Snort mailing list archives

Re: Snort-1.8.7 + snmp support

From: twig les <twigles () yahoo com>
Date: Fri, 26 Jul 2002 12:24:50 -0700 (PDT)

Go into the misc.rules file and comment out the
offending rules.


--- "Schlottmann, Philipp, HO"
<Philipp.Schlottmann () de bertrandt com> wrote:

Hi.

I configured snort with mysql database output and
snmp trap sending support.

I only once force an event being triggered by using
"nmap -sS someIP" and
snort does produce an enormous neverending amount of
SNMP traps (UDP). I
checked it with tcpdump and grep'ed the community
string. The SNMP traps
themselves being again recognized by snort cause
kind of an endless loop! My
ACID console with underlying mysql snort db gets
performance problems and so
on.

How comes that snort produces SNMP traps all the
time just because of one
triggered signature...and it never ends up with
that?

How can I fix this? Is there a way to tell snort not
to recognize the snmp
traps it produced itself or to produce less traps or
at least end up within
some time?

Thanx a lot!

Philipp Schlottmann

-------------------------------------------------------

This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------

__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort-1.8.7 + snmp support Schlottmann, Philipp, HO (Jul 26)
- Re: Snort-1.8.7 + snmp support Chris Green (Jul 26)
- Re: Snort-1.8.7 + snmp support twig les (Jul 26)