Rogue System Detection - SNMP/telnet alerts from Switches/UPS/Hardware
Can anyone help with the following issue:
We have Rogue System Detection installed on 3 machines in a particular subnet. On this subnet and other subnets we have connected Cisco switches, routers, UPS and other hardware devices.
Daily we get a flood of SNMP alerts from these devices to warn of unauthorised access attempts on SNMP, telnet and HTTP ports, from these 3 machines that have the Rogue detection software installed.
I cannot see anywhere an option in EPO 4.0 to blacklist devices from being "probed" by this software, or any settings under the Rogue detection itself. As far as we were concerned, this software should just listen and capture frames, reporting MAC addresses to the EPO server, rather than actively seek out devices and try to access them.
I had the same issue here. This is what I did to resolve it.
1. Go to your RSD policy.
2. Go to the Detection tab.
3. Under Device Details detection, make sure the box "Do not run NetBios calls against devices on these networks" is enabled.
4. Add your devices with a 32-bit subnet mask, ex: 10.215.1.1 / 32
This alleviated our firewalls from complaining all of the time 🙂