I have a lrge number of alerts from my Cisco IPS (runing signature 867.0). They are all showing my NCM/NPM server as the attacker. The message is high 4507-6 SNMP Protocol Violation (<IPS HOST NAME>).
sig_id = 4507
sig_name = SNMP Protocol Violation
sig_version = S751
attacker_ip = xxx.xxx.xxx.xxx
attacker_port = 59121
attacker_locality = OUT
victim_ip = xxx.xxx.xxx.xxx
victim_port = 161
This signature has a reliability rating of 100. That means there are no known false positives.
Has anyone experience of this and what may be causing it?
John
Orion Platform: 2015.1.0
NCM: 7.3.2
NPM: 11.5
Operating System: Windows Server 2008 R2