From: Joseph Ezerski (jezerski@xxxxxxxxxxxx)
Date: Wed Feb 13 2002 - 14:58:41 GMT-3
I think the easiest first step (until you can upgrade your border router and
DMZ devices to the new code) is to drop an ACL on the SNMP community. It is
the easiest way and only takes a second. It buys you the time to plan for
the upgrade, if that is your goal.
-Joe
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Matt Wagner
Sent: Wednesday, February 13, 2002 9:04 AM
To: ccielab@groupstudy.com
Subject: OT: SNMP warning from CERT yesterday
Any thoughts on the SNMP warning from CERT yesterday? The recommendations
were for obvious things: only explicitly permit traffic; don't open LAN
protocols on your perimeter, take your management subnet out of band, etc.
One thing was troubling, though. X-Force says that Cisco routers configured
to filter SNMP traffic might fail to do so and permit a DoS attack. Huh?
Anybody have better information on less obvious steps to take? Turning off
SNMP on my private network seems a bit extreme since I'm using Network
Management Software.
Matt
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:21 GMT-3