Rule Category

PROTOCOL-SNMP -- Snort has detected traffic that may indicate the presence of the SNMP protocol, or of vulnerabilities in the SNMP protocol, on the network.

Alert Message

PROTOCOL-SNMP NT UserList

Rule Explanation

This event is generated when an attempt is made to enumerate Server Message Block (SMB) users on the host via Simple Network Management Protocol (SNMP).

Impact: Reconnaissance. An attacker may obtain SMB usernames of the remote host.

Details: Server Message Block is a network file sharing protocol used between Windows hosts, and between Windows and Unix hosts that communicate via Samba. A remote host that listens for SNMP requests and supports SMB can be queried over SNMP to list its SMB usernames. This provides reconnaissance of valid usernames and may be followed by a brute force attack to guess passwords.

Ease of Attack: A Nessus script exists to list current SMB users.
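An added example, not part of the Snort rule or of this page: detection logic that decodes every OID in an SNMP request payload (the UDP data of a packet to port 161) and flags requests at or below the LAN Manager MIB user table. The OID 1.3.6.1.4.1.77.1.2.25, the function names and the two sample packets are assumptions of this example and do not come from the page.

```python
# Added example. Assumption: SMB users are exposed under the LAN Manager MIB
# user table, OID 1.3.6.1.4.1.77.1.2.25 (not stated on the page).
USER_TABLE = (1, 3, 6, 1, 4, 1, 77, 1, 2, 25)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode BER OID contents (base-128 sub-identifiers) into a tuple."""
    subids, acc = [], 0
    for byte in value:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last octet of a sub-id
            subids.append(acc)
            acc = 0
    first = min(subids[0] // 40, 2)  # first sub-id packs the first two arcs
    return (first, subids[0] - 40 * first, *subids[1:])

def iter_oids(buf):
    """Yield every OBJECT IDENTIFIER found while walking nested TLVs."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag == 0x06:
            yield decode_oid(value)
        elif tag & 0x20:  # constructed: SEQUENCE, or the context-tagged PDU
            yield from iter_oids(value)

def requests_smb_userlist(payload):
    """True if any OID in the SNMP payload is at or below the user table."""
    try:
        return any(oid[:len(USER_TABLE)] == USER_TABLE for oid in iter_oids(payload))
    except (ValueError, IndexError):  # malformed or truncated BER
        return False

# Constructed SNMPv1 payloads (community "public"), not captured traffic.
USERLIST_GETNEXT = bytes.fromhex("302702010004067075626c6963a11a020101020100020100"
                                 "300f300d06092b060104014d0102190500")
SYSDESCR_GET = bytes.fromhex("302602010004067075626c6963a019020101020100020100"
                             "300e300c06082b060102010101000500")
```

Matching on the decoded OID prefix rather than on raw bytes also catches requests for individual columns or rows beneath the table.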

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Original rule written by Max Vision <vision@whitehats.com>
Cisco Talos
Judy Novak

Rule Groups

No rule groups

CVE

None

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None