[Snort-sigs] False Positive

ANDREW J WOOD AJWOOD at ...3229...
Fri May 26 05:04:49 EDT 2006



Rule: SNMP Missing Community String

--
Sid: 1893

--
Summary: Data appears to have the Public Community String Set

--
Impact: None

--
Detailed Information:


ID #        Time Triggered        Signature
1 - 18936   2006-05-03 17:52:46   SNMP missing community string attempt

Sensor Name     Interface   Filter
sdcsecwatch01   eth0        none

Alert Group: none

IP
Source Address   Dest. Address     Ver   Hdr Len   TOS   length   ID      flags   offset   TTL   chksum
163.230.3.42     163.230.120.133   4     20        0     75       22394   0       0        127   8364

Options: none

UDP
source port   dest port   length
4652          161         55

Payload
length = 47
000 : 30 2D 02 01 00 04 06 70 75 62 6C 69 63 A0 20 02   0-.....public. .
010 : 04 00 EB D1 75 02 01 00 02 01 00 30 12 30 10 06   ....u......0.0..
020 : 0C 2B 06 01 02 01 2B 10 05 01 02 01 02 05 00      .+....+........


--
Affected Systems: Win2k SP4

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives: 

--
False Negatives:

--
Corrective Action:

--
Contributors: ajwood at ...3229...

-- 
Additional References:
If you need more info I'll be glad to help.
 
Thanks,
Andy
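
Added example, not part of the original post: a minimal BER walk of the 47-byte payload from the alert above. It confirms the community field is the 6-byte string "public" and shows that the only raw 04 00 byte pair (the encoding of an empty OCTET STRING) falls inside the request-id. That the signature keys on those raw bytes is an assumption, and the function names are illustrative.

```python
# Payload bytes copied from the hex dump in the post (47 bytes, UDP/161).
PAYLOAD = bytes.fromhex(
    "30 2D 02 01 00 04 06 70 75 62 6C 69 63 A0 20 02"
    "04 00 EB D1 75 02 01 00 02 01 00 30 12 30 10 06"
    "0C 2B 06 01 02 01 2B 10 05 01 02 01 02 05 00"
)

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of packet")
    return tag, pos, pos + length

def parse_snmp(buf):
    """Walk SEQUENCE { version, community, PDU { request-id, ... } }."""
    tag, pos, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    fields = {}
    layout = [("version", 0x02), ("community", 0x04),
              ("pdu", None), ("request_id", 0x02)]
    for name, want in layout:
        tag, start, end = read_tlv(buf, pos)
        if want is not None and tag != want:
            raise ValueError(f"{name}: unexpected tag {tag:#04x}")
        fields[name] = {"tag": tag, "tlv_offset": pos, "value": buf[start:end]}
        # The PDU is constructed: descend into it; otherwise step to the sibling.
        pos = start if name == "pdu" else end
    return fields

def empty_octet_string_hits(buf):
    """Offsets where the raw bytes 04 00 occur, regardless of TLV boundaries."""
    return [i for i in range(len(buf) - 1) if buf[i:i + 2] == b"\x04\x00"]

if __name__ == "__main__":
    msg = parse_snmp(PAYLOAD)
    print("community:", msg["community"]["value"])
    for off in empty_octet_string_hits(PAYLOAD):
        owner = max((n for n in msg if msg[n]["tlv_offset"] <= off),
                    key=lambda n: msg[n]["tlv_offset"])
        print(f"04 00 at offset {off} lies inside the {owner} TLV")
```

The community TLV starts at offset 5, while the 04 00 pair at offset 16 is the request-id's length octet followed by the leading zero byte of its value.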

