NetSight: Trap Log filling Up with Junk

  • 0
  • 1
  • Question
  • Updated 4 years ago
So there are a couple of computers on campus which run software that actively goes out and "seeks" for Multi-Function Printers and gets a status from them using snmp V1 with the public community string.  It runs through the entire network and retrieves responses back from the printers on their health, and more importantly, how many pages they printed for accounting purposes.

Since we don't use SNMP V1 on any of our devices, these queries are getting rejected and in turn filling up the trap log with "Incorrect Community Name" messages.  Hundreds of them.

Needless to say, this is quite annoying and when we go to look for legitimate traps in the NetSight log they've been overrun by this junk.

Any ideas on what to do about this?  The software needs to check so I'm not terribly concerned about the methodology, but I would like them to stop showing up in the trap log so we can get more meaningful information from it.

Thank you in advance!
Photo of Rich Upshaw

Rich Upshaw

  • 1,140 Points 1k badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of Jason Parker

Jason Parker, Employee

  • 3,038 Points 3k badge 2x thumb
The traps are expected if someone has your SNMP stations IP address. The best way to handle this is to capture snmp traffic with an sniffer.
another way (if using something like a SecureStack or S series) is to put in a manual policy to block SNMP such as the following examples:

set policy profile 45 name NoNo                                              <Name
set policy rule 45 ipsourcesocket 10.26.196.5  mask 32 drop       <Drop SNMP to destination 10.26.196.5
set policy rule 45 udpdestport 161 drop                                   <Drop SNMP
set policy rule 45 macsource 00-00-00-00-00-00  mask 48 drop    <Drop all MACSource of 00:00:00:00:00
set policy rule 45 ipsourcesocket 10.26.255.255:161  mask 48 drop <Drop all SNMP from this IP range
Photo of Rich Upshaw

Rich Upshaw

  • 1,140 Points 1k badge 2x thumb
Jason, This looks great.  I'll try putting this policy in place.  I'll let you know how it went.  Thanks!