[Snort-users] Snort-1.8.7 + snmp support

Schlottmann, Philipp, HO Philipp.Schlottmann at ...6359...
Fri Jul 26 10:42:16 EDT 2002


Hi.

I configured snort with mysql database output and snmp trap sending support.

I forced an event to be triggered only once by using "nmap -sS someIP", and
snort produces an enormous, never-ending amount of SNMP traps (UDP). I
checked it with tcpdump and grep'ed for the community string. The SNMP traps
themselves, being recognized again by snort, cause a kind of endless loop! My
ACID console with the underlying mysql snort db gets performance problems and so
on.

How come snort produces SNMP traps all the time just because of one
triggered signature... and it never stops?

How can I fix this? Is there a way to tell snort not to recognize the snmp
traps it produced itself, or to produce fewer traps, or at least to stop after
some time?

Thanx a lot!

Philipp Schlottmann
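
If the loop comes from Snort alerting on its own trap packets, as the post describes, the sensor has to stop inspecting that one flow. The following is an added example, not part of the original post or of the Snort distribution: it builds a narrow BPF exclusion and an equivalent pass rule. The addresses and the `snort.conf` name are assumptions; UDP port 162 is the standard SNMP trap port.

```shell
#!/bin/sh
# Constructed values (RFC 5737 documentation addresses); substitute your own.
SENSOR_IP="192.0.2.10"     # assumption: address Snort sends its traps from
TRAP_SINK_IP="192.0.2.20"  # assumption: SNMP manager receiving the traps
TRAP_PORT=162              # standard SNMP trap port (UDP)

# Accept only a dotted-quad IPv4 address, so an empty or malformed variable
# cannot silently widen the exclusion.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# BPF expression: drop only sensor -> manager trap packets before detection.
trap_exclusion_filter() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    printf 'not (udp and src host %s and dst host %s and dst port %s)' \
        "$1" "$2" "$TRAP_PORT"
}

# Equivalent Snort pass rule; Snort 1.x evaluates alert rules first, so it
# only takes effect when Snort is started with -o (Pass|Alert|Log order).
trap_pass_rule() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    printf 'pass udp %s any -> %s %s' "$1" "$2" "$TRAP_PORT"
}

FILTER=$(trap_exclusion_filter "$SENSOR_IP" "$TRAP_SINK_IP") || exit 1
RULE=$(trap_pass_rule "$SENSOR_IP" "$TRAP_SINK_IP") || exit 1

# Option 1: append the filter to the usual command line (snort.conf is a
# placeholder for your configuration file).
printf 'snort -c snort.conf "%s"\n' "$FILTER"
# Option 2: put this rule in the rules file and add -o to the command line.
printf '%s\n' "$RULE"
```

Either option leaves that single flow uninspected, so it is pinned to both endpoints and the trap port rather than excluding all SNMP traffic.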