Rule:--Sid:1426--Summary:This event is generated when an attempt is made to attack a device using SNMP v1.--Impact:Varies depending on the implementation. Ranges from Denial of Service (DoS) to code execution.--Detailed Information:SNMP is a widely adopted protocol for managing IP networks, including individual network devices, and devices in aggregate. Several network devices come pre-installed with this protocol for management and monitoring.A number of vulnerabilities exist in SNMP v1, including a community string buffer overflow, that will allow an attacker to execute arbitrary code or shutdown the service.--Affected Systems:Any implementation of SNMP v1 protocol	--Attack Scenarios:An attacker needs to send a specially crafted packet to UDP port 161 of a vulnerable device, causing a Denial of Service or possible execution of arbitrary code.--Ease of Attack:Simple.--False Positives:None known.--False Negatives:None known.--Corrective Action:Disable the SNMP v1 protocol, use SNMP v2 protocol as an alternative.Disable the use of SNMP for devices that do not need it.Use Ingress/Egress filtering on a packet filtering firewall.--Contributors:Sourcefire Research TeamBrian Caswell <bmc@sourcefire.com>Nigel Houghton <nigel.houghton@sourcefire.com>Snort documentation contributed by Nawapong Nakjang (tony@ksc.net, tonie@thai.com)--Additional References:CERT:http://www.cert.org/advisories/CA-2002-03.html--