[Snort-users] SNMP Rule to detect current threat?

Andrew R. Baker andrewb at ...950...
Thu Feb 14 14:49:08 EST 2002


Rich Adamson wrote:
> 
> Also, the destination port will be 161 (not 162) with a souce port of any
> (cannot assume > 1024).
 
Both snmptrapd and the snmp agents appear to be vulnerable, hence the
reason to watch for attacks to both port 161 (snmp) and 162 (snmptrap)




More information about the Snort-users mailing list