GEN:SID 1:1421
Message SNMP AgentX/tcp request
Summary This event is generated when an attempt is made to attack a device using
SNMP v1.
Impact Varies depending on the implementation. Ranges from Denial of Service
(DoS) to code execution.
Detailed Information SNMP is a widely adopted protocol for managing IP networks, including
individual network devices, and devices in aggregate.

Several network devices come pre-installed with this protocol for
management and monitoring.

A number of vulnerabilities exist in SNMP v1, including a community
string buffer overflow, that will allow an attacker to execute arbitrary
code or shutdown the service.
Affected Systems Any implementation of the SNMP v1 protocol
Attack Scenarios An attacker needs to send a specially crafted packet to UDP port 705
of a vulnerable device, causing a Denial of Service or possible
execution of arbitrary code.
Ease of Attack Simple.
Corrective Action Disable the SNMP v1 protocol, use SNMP v2 protocol as an alternative.

Disable the use of SNMP for devices that do not need it.

Use Ingress/Egress filtering on a packet filtering firewall.
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013
Rule References bugtraq: 4088
bugtraq: 4089
bugtraq: 4132
cve: 2002-0012
cve: 2002-0013