[Snort-users] Snort-1.8.7 + snmp support

twig les twigles at ...131...
Fri Jul 26 12:25:18 EDT 2002


Go into the misc.rules file and comment out the
offending rules.


--- "Schlottmann, Philipp, HO"
<Philipp.Schlottmann at ...6359...> wrote:
> Hi.
> 
> I configured snort with mysql database output and
> snmp trap sending support.
> 
> I only once force an event being triggered by using
> "nmap -sS someIP" and
> snort does produce an enormous neverending amount of
> SNMP traps (UDP). I
> checked it with tcpdump and grep'ed the community
> string. The SNMP traps
> themselves being again recognized by snort cause
> kind of an endless loop! My
> ACID console with underlying mysql snort db gets
> performance problems and so
> on.
> 
> How comes that snort produces SNMP traps all the
> time just because of one
> triggered signature...and it never ends up with
> that?
> 
> How can I fix this? Is there a way to tell snort not
> to recognize the snmp
> traps it produced itself or to produce less traps or
> at least end up within
> some time?
> 
> Thanx a lot!
> 
> Philipp Schlottmann
> 
> 
>
-------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------

__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com




More information about the Snort-users mailing list