Sometimes a single source floods the server with a huge number of SNMP traps. How can I make sure that when one source sends more than 1000 traps per second, nothing is accepted from it for an hour?
Listener script:
<code>from pysnmp.entity import engine, config
from pysnmp.carrier.asyncore.dgram import udp
from pysnmp.entity.rfc3413 import ntfrcv
from datetime import datetime
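# Listen address and port, named once so the startup banner and the socket
# always agree (the banner previously referenced undefined names).
# 'localhost' only accepts traps sent from this machine; bind a specific
# interface address to receive traps from remote agents.
# On most Unix-like systems a port below 1024 needs elevated privileges to
# bind; prefer granting only that capability over running the whole listener
# as root.
TrapAgentAddress = 'localhost'
Port = 162

snmpEngine = engine.SnmpEngine()
print('Agent is listening SNMP2 Trap on {} , Port : {}'.format(
    TrapAgentAddress, Port))
print(
    '--------------------------------------------------------------------------'
)

# UDP over IPv4 transport in server (listening) mode.
config.addTransport(
    snmpEngine, udp.domainName + (1, ),
    udp.UdpTransport().openServerMode((TrapAgentAddress, Port)))

# Configure community here.
# 'public' is the widely known default community string, and SNMPv1/v2c
# communities travel in cleartext, so this does not authenticate senders.
# Use a site-specific value, and SNMPv3 where the agents support it.
config.addV1System(snmpEngine, ' ', 'public')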
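# Flood-control settings for cbFun: a source that delivers more than
# _TRAP_LIMIT_PER_SECOND traps within one second is ignored for
# _TRAP_BLOCK_SECONDS (one hour).
_TRAP_LIMIT_PER_SECOND = 1000
_TRAP_BLOCK_SECONDS = 3600
# Soft cap (arbitrary, tune for the deployment): once the table reaches this
# size, idle entries are pruned before a new source is added.
_TRAP_TABLE_SOFT_MAX = 10000
# source IP -> [window_start, traps_in_window, blocked_until]
_trap_sources = {}


def _trap_allowed(source_ip, now):
    """Return True if a trap from source_ip arriving at time now is processed.

    Counts traps per source in one-second windows. When a window exceeds
    _TRAP_LIMIT_PER_SECOND the source is blocked until
    now + _TRAP_BLOCK_SECONDS. `now` is a monotonic timestamp in seconds.
    """
    entry = _trap_sources.get(source_ip)
    if entry is None:
        if len(_trap_sources) >= _TRAP_TABLE_SOFT_MAX:
            # Drop sources that are neither blocked nor inside a live window.
            stale = [ip for ip, (start, _count, until) in _trap_sources.items()
                     if now >= until and now - start >= 1.0]
            for ip in stale:
                del _trap_sources[ip]
        _trap_sources[source_ip] = [now, 1, 0.0]
        return True

    window_start, count, blocked_until = entry
    if now < blocked_until:
        return False
    if now - window_start >= 1.0:
        # The previous window is over; start counting again.
        entry[0], entry[1] = now, 1
        return True
    entry[1] = count + 1
    if entry[1] > _TRAP_LIMIT_PER_SECOND:
        entry[2] = now + _TRAP_BLOCK_SECONDS
        return False
    return True


def cbFun(snmpEngine, stateReference, contextEngineId, contextName, varBinds,
          cbCtx):
    """Print one received trap, unless its source is currently throttled.

    Args:
        snmpEngine: engine whose observer supplies the sender's address.
        stateReference, contextEngineId, contextName, cbCtx: unused here.
        varBinds: iterable of (name, value) pairs; both are pretty-printed.

    Traps from a source that exceeded the per-second limit are dropped
    silently until its block expires.
    """
    import time  # function-scope: the file's import block has no `time`

    execContext = snmpEngine.observer.getExecutionContext(
        'rfc3412.receiveMessage:request')
    transportAddress = execContext['transportAddress']

    # Key on the address only, so changing the source port does not reset
    # the counter.
    # NOTE(review): this runs after the datagram was received and decoded, so
    # it caps the work done here, not network or decoder load; to stop
    # receiving at all, rate-limit the port at the host firewall as well.
    # NOTE(review): UDP source addresses are not authenticated, so a spoofed
    # flood can get a legitimate agent blocked for the hour.
    if not _trap_allowed(transportAddress[0], time.monotonic()):
        return

    # '\n' restored: the listing printed a literal 'n' where the newline
    # escape had lost its backslash.
    print('\n{0}New trap message received on {1} {0}'.format(
        '-' * 20,
        datetime.now().strftime('%d-%b-%Y at %H:%M:%S')))
    print('Trap is coming from %s:%s' % transportAddress)
    for name, val in varBinds:
        print('{0} = {1}'.format(name.prettyPrint(), val.prettyPrint()))
    print('{0}Trap message ends{0}\n'.format('-' * 20))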
# Register cbFun as the handler for incoming notifications.
ntfrcv.NotificationReceiver(snmpEngine, cbFun)

# Flag one outstanding job before entering the dispatcher loop
# (presumably what keeps runDispatcher() from returning at once).
dispatcher = snmpEngine.transportDispatcher
dispatcher.jobStarted(1)

try:
    dispatcher.runDispatcher()
except BaseException:
    # Any exit through an exception, Ctrl-C included: close the dispatcher
    # first, then let the exception propagate.
    dispatcher.closeDispatcher()
    raise
</code>
<code>from pysnmp.entity import engine, config
from pysnmp.carrier.asyncore.dgram import udp
from pysnmp.entity.rfc3413 import ntfrcv
from datetime import datetime
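# Listen address and port, named once so the startup banner and the socket
# always agree (the banner previously referenced undefined names).
# 'localhost' only accepts traps sent from this machine; bind a specific
# interface address to receive traps from remote agents.
# On most Unix-like systems a port below 1024 needs elevated privileges to
# bind; prefer granting only that capability over running the whole listener
# as root.
TrapAgentAddress = 'localhost'
Port = 162

snmpEngine = engine.SnmpEngine()
print('Agent is listening SNMP2 Trap on {} , Port : {}'.format(
    TrapAgentAddress, Port))
print(
    '--------------------------------------------------------------------------'
)

# UDP over IPv4 transport in server (listening) mode.
config.addTransport(
    snmpEngine, udp.domainName + (1, ),
    udp.UdpTransport().openServerMode((TrapAgentAddress, Port)))

# Configure community here.
# 'public' is the widely known default community string, and SNMPv1/v2c
# communities travel in cleartext, so this does not authenticate senders.
# Use a site-specific value, and SNMPv3 where the agents support it.
config.addV1System(snmpEngine, ' ', 'public')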
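# Flood-control settings for cbFun: a source that delivers more than
# _TRAP_LIMIT_PER_SECOND traps within one second is ignored for
# _TRAP_BLOCK_SECONDS (one hour).
_TRAP_LIMIT_PER_SECOND = 1000
_TRAP_BLOCK_SECONDS = 3600
# Soft cap (arbitrary, tune for the deployment): once the table reaches this
# size, idle entries are pruned before a new source is added.
_TRAP_TABLE_SOFT_MAX = 10000
# source IP -> [window_start, traps_in_window, blocked_until]
_trap_sources = {}


def _trap_allowed(source_ip, now):
    """Return True if a trap from source_ip arriving at time now is processed.

    Counts traps per source in one-second windows. When a window exceeds
    _TRAP_LIMIT_PER_SECOND the source is blocked until
    now + _TRAP_BLOCK_SECONDS. `now` is a monotonic timestamp in seconds.
    """
    entry = _trap_sources.get(source_ip)
    if entry is None:
        if len(_trap_sources) >= _TRAP_TABLE_SOFT_MAX:
            # Drop sources that are neither blocked nor inside a live window.
            stale = [ip for ip, (start, _count, until) in _trap_sources.items()
                     if now >= until and now - start >= 1.0]
            for ip in stale:
                del _trap_sources[ip]
        _trap_sources[source_ip] = [now, 1, 0.0]
        return True

    window_start, count, blocked_until = entry
    if now < blocked_until:
        return False
    if now - window_start >= 1.0:
        # The previous window is over; start counting again.
        entry[0], entry[1] = now, 1
        return True
    entry[1] = count + 1
    if entry[1] > _TRAP_LIMIT_PER_SECOND:
        entry[2] = now + _TRAP_BLOCK_SECONDS
        return False
    return True


def cbFun(snmpEngine, stateReference, contextEngineId, contextName, varBinds,
          cbCtx):
    """Print one received trap, unless its source is currently throttled.

    Args:
        snmpEngine: engine whose observer supplies the sender's address.
        stateReference, contextEngineId, contextName, cbCtx: unused here.
        varBinds: iterable of (name, value) pairs; both are pretty-printed.

    Traps from a source that exceeded the per-second limit are dropped
    silently until its block expires.
    """
    import time  # function-scope: the file's import block has no `time`

    execContext = snmpEngine.observer.getExecutionContext(
        'rfc3412.receiveMessage:request')
    transportAddress = execContext['transportAddress']

    # Key on the address only, so changing the source port does not reset
    # the counter.
    # NOTE(review): this runs after the datagram was received and decoded, so
    # it caps the work done here, not network or decoder load; to stop
    # receiving at all, rate-limit the port at the host firewall as well.
    # NOTE(review): UDP source addresses are not authenticated, so a spoofed
    # flood can get a legitimate agent blocked for the hour.
    if not _trap_allowed(transportAddress[0], time.monotonic()):
        return

    # '\n' restored: the listing printed a literal 'n' where the newline
    # escape had lost its backslash.
    print('\n{0}New trap message received on {1} {0}'.format(
        '-' * 20,
        datetime.now().strftime('%d-%b-%Y at %H:%M:%S')))
    print('Trap is coming from %s:%s' % transportAddress)
    for name, val in varBinds:
        print('{0} = {1}'.format(name.prettyPrint(), val.prettyPrint()))
    print('{0}Trap message ends{0}\n'.format('-' * 20))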
# Register cbFun as the handler for incoming notifications.
ntfrcv.NotificationReceiver(snmpEngine, cbFun)

# Flag one outstanding job before entering the dispatcher loop
# (presumably what keeps runDispatcher() from returning at once).
dispatcher = snmpEngine.transportDispatcher
dispatcher.jobStarted(1)

try:
    dispatcher.runDispatcher()
except BaseException:
    # Any exit through an exception, Ctrl-C included: close the dispatcher
    # first, then let the exception propagate.
    dispatcher.closeDispatcher()
    raise
</code>
from pysnmp.entity import engine, config
from pysnmp.carrier.asyncore.dgram import udp
from pysnmp.entity.rfc3413 import ntfrcv
from datetime import datetime
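# Listen address and port, named once so the startup banner and the socket
# always agree (the banner previously referenced undefined names).
# 'localhost' only accepts traps sent from this machine; bind a specific
# interface address to receive traps from remote agents.
# On most Unix-like systems a port below 1024 needs elevated privileges to
# bind; prefer granting only that capability over running the whole listener
# as root.
TrapAgentAddress = 'localhost'
Port = 162

snmpEngine = engine.SnmpEngine()
print('Agent is listening SNMP2 Trap on {} , Port : {}'.format(
    TrapAgentAddress, Port))
print(
    '--------------------------------------------------------------------------'
)

# UDP over IPv4 transport in server (listening) mode.
config.addTransport(
    snmpEngine, udp.domainName + (1, ),
    udp.UdpTransport().openServerMode((TrapAgentAddress, Port)))

# Configure community here.
# 'public' is the widely known default community string, and SNMPv1/v2c
# communities travel in cleartext, so this does not authenticate senders.
# Use a site-specific value, and SNMPv3 where the agents support it.
config.addV1System(snmpEngine, ' ', 'public')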
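# Flood-control settings for cbFun: a source that delivers more than
# _TRAP_LIMIT_PER_SECOND traps within one second is ignored for
# _TRAP_BLOCK_SECONDS (one hour).
_TRAP_LIMIT_PER_SECOND = 1000
_TRAP_BLOCK_SECONDS = 3600
# Soft cap (arbitrary, tune for the deployment): once the table reaches this
# size, idle entries are pruned before a new source is added.
_TRAP_TABLE_SOFT_MAX = 10000
# source IP -> [window_start, traps_in_window, blocked_until]
_trap_sources = {}


def _trap_allowed(source_ip, now):
    """Return True if a trap from source_ip arriving at time now is processed.

    Counts traps per source in one-second windows. When a window exceeds
    _TRAP_LIMIT_PER_SECOND the source is blocked until
    now + _TRAP_BLOCK_SECONDS. `now` is a monotonic timestamp in seconds.
    """
    entry = _trap_sources.get(source_ip)
    if entry is None:
        if len(_trap_sources) >= _TRAP_TABLE_SOFT_MAX:
            # Drop sources that are neither blocked nor inside a live window.
            stale = [ip for ip, (start, _count, until) in _trap_sources.items()
                     if now >= until and now - start >= 1.0]
            for ip in stale:
                del _trap_sources[ip]
        _trap_sources[source_ip] = [now, 1, 0.0]
        return True

    window_start, count, blocked_until = entry
    if now < blocked_until:
        return False
    if now - window_start >= 1.0:
        # The previous window is over; start counting again.
        entry[0], entry[1] = now, 1
        return True
    entry[1] = count + 1
    if entry[1] > _TRAP_LIMIT_PER_SECOND:
        entry[2] = now + _TRAP_BLOCK_SECONDS
        return False
    return True


def cbFun(snmpEngine, stateReference, contextEngineId, contextName, varBinds,
          cbCtx):
    """Print one received trap, unless its source is currently throttled.

    Args:
        snmpEngine: engine whose observer supplies the sender's address.
        stateReference, contextEngineId, contextName, cbCtx: unused here.
        varBinds: iterable of (name, value) pairs; both are pretty-printed.

    Traps from a source that exceeded the per-second limit are dropped
    silently until its block expires.
    """
    import time  # function-scope: the file's import block has no `time`

    execContext = snmpEngine.observer.getExecutionContext(
        'rfc3412.receiveMessage:request')
    transportAddress = execContext['transportAddress']

    # Key on the address only, so changing the source port does not reset
    # the counter.
    # NOTE(review): this runs after the datagram was received and decoded, so
    # it caps the work done here, not network or decoder load; to stop
    # receiving at all, rate-limit the port at the host firewall as well.
    # NOTE(review): UDP source addresses are not authenticated, so a spoofed
    # flood can get a legitimate agent blocked for the hour.
    if not _trap_allowed(transportAddress[0], time.monotonic()):
        return

    # '\n' restored: the listing printed a literal 'n' where the newline
    # escape had lost its backslash.
    print('\n{0}New trap message received on {1} {0}'.format(
        '-' * 20,
        datetime.now().strftime('%d-%b-%Y at %H:%M:%S')))
    print('Trap is coming from %s:%s' % transportAddress)
    for name, val in varBinds:
        print('{0} = {1}'.format(name.prettyPrint(), val.prettyPrint()))
    print('{0}Trap message ends{0}\n'.format('-' * 20))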
# Register cbFun as the handler for incoming notifications.
ntfrcv.NotificationReceiver(snmpEngine, cbFun)

# Flag one outstanding job before entering the dispatcher loop
# (presumably what keeps runDispatcher() from returning at once).
dispatcher = snmpEngine.transportDispatcher
dispatcher.jobStarted(1)

try:
    dispatcher.runDispatcher()
except BaseException:
    # Any exit through an exception, Ctrl-C included: close the dispatcher
    # first, then let the exception propagate.
    dispatcher.closeDispatcher()
    raise
The desired result: if one source sends more than 1000 packets per second, block it.