1 Reply Latest reply on May 18, 2015 3:50 AM by silverbacksays

    NCM Triggers SNMP Protocol Violation on Cisco IPS


      I have a lrge number of alerts from my Cisco IPS (runing signature 867.0). They are all showing my NCM/NPM server as the attacker. The message is high 4507-6 SNMP Protocol Violation (<IPS HOST NAME>).

         sig_id = 4507

         sig_name = SNMP Protocol Violation

         sig_version = S751

         attacker_ip = xxx.xxx.xxx.xxx

         attacker_port = 59121

         attacker_locality = OUT

         victim_ip = xxx.xxx.xxx.xxx

         victim_port = 161


      This signature has a reliability rating of 100. That means there are no known false positives.


      Has anyone experience of this and what may be causing it?






      Orion Platform: 2015.1.0

      NCM: 7.3.2

      NPM: 11.5

      Operating System: Windows Server 2008 R2