RE: SNMP warning from CERT yesterday

From: James Self (j.self@xxxxxxxx)
Date: Wed Feb 13 2002 - 16:05:47 GMT-3


   
Block UDP and TCP ports 162 & 161 on the interface facing the Internet (outside
router). That's where the hackers will be coming in at. Internally, if
someone breaks into your SNMP then you have a bigger issue.

Thanks,
James L. Self
CCDP,CCNP,CCDA,CCNA,CNE
Sr. Network Engineer I
GNO/Advance Technical Support
Worldcom Managed Services
vnet 966-7450 or 919 377-7450
ATS_Team_C@lists.wcom.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Matt Wagner
Sent: Wednesday, February 13, 2002 12:04 PM
To: ccielab@groupstudy.com
Subject: OT: SNMP warning from CERT yesterday

Any thoughts on the SNMP warning from CERT yesterday? The recommendations
were for obvious things: only explicitly permit traffic; don't open LAN
protocols on your perimeter; take your management subnet out of band; etc.
One thing was troubling, though. X-Force says that Cisco routers configured
to filter SNMP traffic might fail to do so and permit a DoS attack. Huh?
Anybody have better information on less obvious steps to take? Turning off
SNMP on my private network seems a bit extreme since I'm using Network
Management Software.

Matt


