[Snort-users] Cert Advisory and now no SNMP traps. (Absent jusqu'au 29/07/2002)

Pascal Painparay pascal.painparay at ...8874...
Mon Apr 21 06:45:24 EDT 2003


Je suis absent jusqu'au 21/04/03 inclus. 
En cas d'urgence, Vous pouvez contacter :
  Christophe Savin au 01 49 15 32 75.

Cdt
Pascal Painparay

>>> snort-users 04/21/03 15:18 >>>

"larosa, vjay" <larosa_vjay at ...3331...> writes:

> Well I have to say this sucks. Now those of us that rely on SNMP traps
> are forced to upgrade to snort 2.0 and will lose our NMS
> integrations.

SNMPTrap was removed because it was easier to throw away
functionality than to verify it's string handling operations. I don't
know of an exact vulnerability

You have 2 choices:

1) Merge in snmptrap from 1.9 ( pretty easy task ) This is entirely
   unsupported.
2) Switch to a different output mechanism like syslog.
>
> Anyway, I am going to write a program to select events of interest from
> A Mysql database and will send SNMP traps to the NMS on behalf of snort.

If you are going to do this, I'd recommend you instead write a plugin
for barnyard.
-- 
Chris Green <cmg at ...1935...>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list