sig 4507 - snmp protocol violation

Mar 6th, 2002

Has anyone seen signature 4507 tripped like this:

4,1000937,2002/03/05,14:43:58,2002/03/05,08:43:58,10008,201,1,IN,IN,5,4507,0,TCP/IP,x.x.194.199,x.x.255.255,1243,161,,Bad length

What does this mean? I don't have any snmp running from x.x.194.199 that I know of. It is a user's WS.

Thanks for any help...

anthall (Cisco Employee) Wed, 03/06/2002 - 10:11

Signature 4507 fires when a protocol decode of 161u traffic fails to stay within the bounds of the SNMP protocol. There are some SNMP implementations that have been known to cause a false positive; however, we don't know of any non-SNMP traffic causing false positives.

I would verify that SNMP isn't running on the machine, or that the user wasn't messing around with something. If you find that it is a false positive, please provide [email protected] a network trace and Cisco will correct it.
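
What a "Bad length" decode failure can look like when triaging a captured UDP/161 payload, as an added example (not part of the original thread and not Cisco's signature logic): a checker that walks the BER length fields of an SNMP message and reports the first one that does not fit inside its container. The function names and both sample packets are constructed for illustration.

```python
# Added example: bounds-check the BER lengths in a UDP/161 payload.
# Names and sample packets are constructed; this is not the sensor's logic.

class BadLength(ValueError):
    pass

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) for the TLV at pos, bounded by end."""
    if pos + 2 > end:
        raise BadLength(f"truncated TLV header at offset {pos}")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                  # short form: the byte is the length
        length = first
    else:                             # long form: low 7 bits count the length bytes
        n = first & 0x7F              # n == 0 is indefinite length, not used by SNMP
        if n == 0 or n > 4 or pos + n > end:
            raise BadLength(f"invalid length byte 0x{first:02x} at offset {pos - 1}")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise BadLength(f"tag 0x{tag:02x} claims {length} bytes, {end - pos} available")
    return tag, pos, pos + length

def walk(buf, pos, end):
    """Check every TLV between pos and end, descending into constructed types."""
    while pos < end:
        tag, start, stop = read_tlv(buf, pos, end)
        if tag & 0x20:                # constructed (SEQUENCE, PDU): check children
            walk(buf, start, stop)
        pos = stop

def check_snmp(payload):
    """Return 'ok', 'not SNMP: ...' or 'Bad length: ...' for one UDP payload."""
    if payload[:1] != b"\x30":
        return "not SNMP: outer tag is not SEQUENCE (0x30)"
    try:
        walk(payload, 0, len(payload))
    except BadLength as exc:
        return f"Bad length: {exc}"
    return "ok"

# Constructed SNMPv1 GetRequest for sysDescr.0 with community "public".
GOOD = bytes.fromhex("3026020100040670 75626c6963a01902 0101020100020100"
                     "300e300c06082b06 0102010101000500")
# Same packet with the community-string length byte changed from 6 to 127.
BAD = GOOD[:6] + b"\x7f" + GOOD[7:]
```

Calling `check_snmp()` on the UDP payload bytes exported from a network trace of the flagged host shows which field, if any, overruns its container.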


