sig 4507 - snmp protocol violation

ddinh
Level 1

Has anyone seen signature 4507 tripped like this:

4,1000937,2002/03/05,14:43:58,2002/03/05,08:43:58,10008,201,1,IN,IN,5,4507,0,TCP/IP,x.x.194.199,x.x.255.255,1243,161,0.0.0.0,Bad length

What does this mean? I don't have any snmp running from x.x.194.199 that I know of. It is a user's WS.

Thanks for any help...

1 Reply

anthall
Level 1

Signature 4507 fires when a protocol decode of 161u traffic fails to stay within the bounds of the SNMP protocol. There are some SNMP implementations that have been known to cause a false positive; however, we don't know of any non-SNMP traffic causing false positives.

I would verify that SNMP isn't running on the machine, or that the user wasn't messing around with something. If you find that it is a false positive, please provide mcerha@cisco.com a network trace and Cisco will correct it.

Thanks
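
For triaging the network trace mentioned in the reply, the following added example (not part of the original thread and not Cisco's signature logic) checks whether a captured port-161 payload keeps its BER lengths within the datagram. It assumes SNMPv1/v2c framing only; `read_tlv`, `check_snmp` and the sample bytes are constructed for illustration.

```python
# Constructed sample: SNMPv1 GetRequest, community "public", OID sysDescr.0
GOOD = bytes.fromhex(
    "3029" "020100" "04067075626c6963"
    "a01c" "020400000001" "020100" "020100"
    "300e300c" "06082b06010201010100" "0500")

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the BER TLV at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported length form")
        if off + n > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("bad length: value runs past end of datagram")
    return tag, off, off + length

def check_snmp(payload):
    """Return 'ok' or the first framing problem found (v1/v2c outer layer)."""
    try:
        tag, start, end = read_tlv(payload, 0)
        if tag != 0x30:
            return "not a SEQUENCE"
        if end != len(payload):
            return "bad length: trailing bytes after message"
        tag, _, ver_end = read_tlv(payload, start)
        if tag != 0x02:
            return "version is not an INTEGER"
        tag, _, comm_end = read_tlv(payload, ver_end)
        if tag != 0x04:
            return "community is not an OCTET STRING"
        _, _, pdu_end = read_tlv(payload, comm_end)
        if pdu_end != end:
            return "bad length: PDU does not fill message"
    except ValueError as exc:
        return str(exc)
    return "ok"

if __name__ == "__main__":
    for name, data in [("good", GOOD), ("truncated", GOOD[:-5])]:
        print(name, "->", check_snmp(data))
```

A payload that fails here but comes from a real SNMP agent or manager is the kind of trace the reply asks for; one that is not SNMP at all points to some other application sending to port 161.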