[Snort-users] Cert Advisory and now no SNMP traps.
cmg at ...1935...
Mon Apr 21 06:19:16 EDT 2003
"larosa, vjay" <larosa_vjay at ...3331...> writes:
> Well I have to say this sucks. Now those of us that rely on SNMP traps
> are forced to upgrade to snort 2.0 and will lose our NMS
SNMPTrap was removed because it was easier to throw away
functionality than to verify it's string handling operations. I don't
know of an exact vulnerability
You have 2 choices:
1) Merge in snmptrap from 1.9 ( pretty easy task ) This is entirely
2) Switch to a different output mechanism like syslog.
> Anyway, I am going to write a program to select events of interest from
> A Mysql database and will send SNMP traps to the NMS on behalf of snort.
If you are going to do this, I'd recommend you instead write a plugin
Chris Green <cmg at ...1935...>
I've had a perfectly wonderful evening. But this wasn't it.
-- Groucho Marx
More information about the Snort-users