SNMP v2 trap - how to spoof the source address?
Posted on 2010-09-04
Consider the following:
Routers send their syslog messages to a FreeBSD syslog server, which runs a parsing script to detect BGP up/down events. On detection of such events, the script generates a BGP trap (using Net-SNMP tools) towards the Netcool probe.
[Router]----syslog---->[syslog server]----trap---->[Netcool probe]
Now the problem is that the trap contains the source address of the syslog server. However, the Netcool system needs to know the source of the original message (the router) for assurance purposes.
We considered an SNMP v1 trap and setting the agent address to that of the router, but the BGP v1 MIB does not contain the required bgpPeerRemoteAddr varbind. So we must use v2 traps.
Is there a way to spoof the source address of an SNMP v2 trap?