GEN:SID 1:1420
Message SNMP trap tcp
Summary This event is generated when an SNMP-Trap connection over TCP to an SNMP
daemon is made.
Impact Information gathering
Detailed Information The SNMP (Simple Network Management Protocol) Trap daemon usually
listens on port 162, tcp or udp.

An attacker may attempt to send this request to determine if a device is
using SNMP.
Affected Systems Devices running SNMP daemons on well known ports.
Attack Scenarios An attacker sends a packet directed to tcp port 162, if sucessful a
reply is generated and the attacker may then launch further attacks
against the SNMP daemon.
Ease of Attack Simple.
Corrective Action Use a packet filtering firewall to protect devices using the SNMP
protocol and only allow connections from well-known hosts.
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012

Rule References bugtraq: 4088
bugtraq: 4089
bugtraq: 4132
cve: 2002-0012
cve: 2002-0013