We have recently been receiving email alerts from UPSs across our corporation indicating unexpected SNMP traffic from our primary Orion platform server. A sample alert is as follows...
Name : UPSDEVICENAME
Location : SNMP Location
Contact : Contact Information
Serial # : BA123456789
Device Ser #: AS123456789
Date: 08/21/2014
Time: 11:04:54
Code: 0x0004
Informational - System: Detected an unauthorized user attempting to access the SNMP interface from (ip address of our primary Orion server)
What is odd about this is that all of the UPSs are assigned to be polled from the additional polling engines (although SNMP from the primary is not blocked by the device). We would not expect polling of these to initiate from our primary Orion server. We did change our standard SNMP community string recently, though I have checked a sampling of the devices having this issue, and confirmed they are all configured to use the correct/new string and not the incorrect/old one.
Our environment is as follows: Orion Platform 2014.1.0, SAM 6.1.0, IPAM 4.1, NCM 7.3, NPM 10.7, PM 2.0, IVIM 1.9.0
Any suggestions on what may be causing this traffic?