1 Reply Latest reply on May 18, 2015 3:50 AM by silverbacksays

    NCM Triggers SNMP Protocol Violation on Cisco IPS

    morrisonj

      I have a large number of alerts from my Cisco IPS (running signature 867.0). They are all showing my NCM/NPM server as the attacker. The message is high 4507-6 SNMP Protocol Violation (<IPS HOST NAME>).

         sig_id = 4507

         sig_name = SNMP Protocol Violation

         sig_version = S751

         attacker_ip = xxx.xxx.xxx.xxx

         attacker_port = 59121

         attacker_locality = OUT

         victim_ip = xxx.xxx.xxx.xxx

         victim_port = 161

       

      This signature has a reliability rating of 100. That means there are no known false positives.

       

      Has anyone experience of this and what may be causing it?

       

       

       

      John

       

      Orion Platform: 2015.1.0

      NCM: 7.3.2

      NPM: 11.5

      Operating System: Windows Server 2008 R2