4 Replies Latest reply on Apr 9, 2009 5:05 PM by bbartrum

    Rogue System Detection - SNMP/telnet alerts from Switches/UPS/Hardware

      Can anyone help with the following issue:

      We have Rogue System Detection installed on 3 machines in a particular subnet. On this subnet and other subnets we have connected Cisco switches, routers, UPS and other hardware devices.

      Daily we get a flood of SNMP alerts from these devices to warn of unauthorised access attempts on SNMP, telnet and HTTP ports, from these 3 machines that have the Rogue detection software installed.

      I cannot see any where an option in EPO 4.0 to black list devices from been "probed" by this software, or any settings under the Rogue detection itself. As far as we were concerned, this software should just listen and capture frames, reporting MAC addresses to the EPO server, rather than actively seek out devices and try to access them.

      Many thanks in advance if anyone can help.