I have a lrge number of alerts from my Cisco IPS (runing signature 867.0). They are all showing my NCM/NPM server as the attacker. The message is high 4507-6 SNMP Protocol Violation (<IPS HOST NAME>).
sig_id = 4507
sig_name = SNMP Protocol Violation
sig_version = S751
attacker_ip = xxx.xxx.xxx.xxx
attacker_port = 59121
attacker_locality = OUT
victim_ip = xxx.xxx.xxx.xxx
victim_port = 161
This signature has a reliability rating of 100. That means there are no known false positives.
Has anyone experience of this and what may be causing it?
Orion Platform: 2015.1.0
Operating System: Windows Server 2008 R2
Do you get these alerts at a time when NCM is running scheduled jobs, for example trying to backup the configs from your network devices? You may need to adjust how NCM connects to your target devices (SSH instead, for example).