From: StudyManiac (groupstudy1@xxxxxxxx)
Date: Wed Feb 13 2002 - 20:38:12 GMT-3
"Turning off" and "filtering" are not the same - the recommendation is to
FILTER SNMP. You should know and have a finite number of SNMP Management
consoles in your network. FILTER SNMP so that only those machines can poll
the routers on your network.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Matt Wagner
Sent: Wednesday, February 13, 2002 12:04 PM
To: ccielab@groupstudy.com
Subject: OT: SNMP warning from CERT yesterday
Any thoughts on the SNMP warning from CERT yesterday? The recommendations
were for obvious things: only explicitly permit traffic; don't open LAN
protocols on your perimeter, take your management subnet out of band, etc.
One thing was troubling, though. X-Force says that Cisco routers configured
to filter SNMP traffic might fail to do so and permit a DoS attack. Huh?
Anybody have better information on less obvious steps to take? Turning off
SNMP on my private network seems a bit extreme since I'm using Network
Management Software.
Matt
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:22 GMT-3