File: 1415.txt

package info (click to toggle)
snort 2.9.7.0-5
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid, stretch
  • size: 55,000 kB
  • ctags: 38,464
  • sloc: ansic: 266,667; sh: 12,508; makefile: 2,908; yacc: 497; perl: 496; lex: 261; sed: 14
file content (76 lines) | stat: -rw-r--r-- 1,264 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
Rule:

--
Sid:
1415

--

Summary:
This event is generated when an SNMP-Trap connection over UDP to a 
broadcast address is made.

--

Impact:
Information gathering

--

Detailed Information:
The SNMP (Simple Network Management Protocol) Trap daemon usually 
listens on port 161, tcp or udp.

An attacker may attempt to send this request to determine if any devices
are using SNMP.

--

Affected Systems:
Devices running SNMP Trap daemons on well known ports.

--

Attack Scenarios:
An attacker sends a packet directed to udp port 161, if sucessful a 
reply is generated and the attacker may then launch further attacks 
against the SNMP daemon on the responding IP addresses.

--

Ease of Attack:
Simple.

--

False Positives:
None known.

--

False Negatives:
None known.

--

Corrective Action:
Use a packet filtering firewall to protect devices using the SNMP 
protocol and only allow connections from well-known hosts.

--

Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>
Snort documentation contributed by Chaos <c@aufbix.org>

-- 

Additional References:

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012

--