RE: SNMP warning from CERT yesterday

From: Matt Wagner (miguknom@xxxxxxxxxxx)
Date: Thu Feb 14 2002 - 02:51:15 GMT-3


   
Right. Sorry, I forgot to state that the initial warning recommended
turning off SNMP entirely. Subsequent warnings took into account that we
can't just do that, but warned of a failure of a configured ACL to actually
filter the SNMP traffic (with no explicit reason why).

----Original Message Follows----
From: "StudyManiac" <groupstudy1@home.com>
Reply-To: <groupstudy1@home.com>
To: "'Matt Wagner'" <miguknom@hotmail.com>, <ccielab@groupstudy.com>
Subject: RE: SNMP warning from CERT yesterday
Date: Wed, 13 Feb 2002 18:38:12 -0500

"Turning off" and "filtering" are not the same - the recommendation is to
FILTER SNMP. You should know and have a finite number of SNMP Management
consoles in your network. FILTER SNMP so that only those machines can poll
the routers on your network.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Matt Wagner
Sent: Wednesday, February 13, 2002 12:04 PM
To: ccielab@groupstudy.com
Subject: OT: SNMP warning from CERT yesterday

Any thoughts on the SNMP warning from CERT yesterday? The recommendations
were for obvious things: only explicitly permit traffic; don't open LAN
protocols on your perimeter, take your management subnet out of band, etc.
One thing was troubling, though. X-Force says that Cisco routers configured
to filter SNMP traffic might fail to do so and permit a DoS attack. Huh?
Anybody have better information on less obvious steps to take? Turning off
SNMP on my private network seems a bit extreme since I'm using Network
Management Software.

Matt
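
The recommendation in this thread, that only a known, finite set of SNMP management consoles be able to poll the routers, can be checked against a saved router configuration. The following is an added example, not part of the original messages: a Python audit that flags `snmp-server community` lines whose ACL is missing, undefined, or wider than single hosts. It assumes numbered standard ACLs and the `snmp-server community <string> [view <name>] [RO|RW] [acl]` form; the sample configuration, addresses and community names are constructed.

```python
import re

# Constructed sample running-config fragment (addresses and names are made up).
SAMPLE_CONFIG = """\
access-list 10 permit host 192.0.2.10
access-list 10 permit 192.0.2.11
access-list 20 permit any
access-list 30 permit 198.51.100.0 0.0.0.255
snmp-server community EXAMPLE-RO RO 10
snmp-server community EXAMPLE-ANY RO 20
snmp-server community EXAMPLE-NET RO 30
snmp-server community EXAMPLE-OPEN RW
snmp-server community EXAMPLE-MISSING RO 40
"""

ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (.+)$", re.M)
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\d+))?$", re.I)

def parse_standard_acls(config):
    """Map ACL number -> list of (action, source) entries."""
    acls = {}
    for num, action, source in ACL_RE.findall(config):
        acls.setdefault(num, []).append((action, source))
    return acls

def is_single_host(source):
    """True for 'host A.B.C.D', a bare address, or a 0.0.0.0 wildcard."""
    parts = [p for p in source.split() if p != "log"]
    if parts[0] == "host":
        return len(parts) == 2
    return parts[0] != "any" and (len(parts) == 1 or parts[1] == "0.0.0.0")

def audit_snmp(config):
    """Return {community: finding} for every snmp-server community line."""
    acls, findings = parse_standard_acls(config), {}
    for line in config.splitlines():
        m = COMMUNITY_RE.match(line.strip())
        if not m:
            continue
        name, acl = m.group(1), m.group(3)
        if acl is None:
            findings[name] = "no ACL on this community"
        elif acl not in acls:
            findings[name] = "ACL %s is not defined" % acl
        elif all(is_single_host(s) for a, s in acls[acl] if a == "permit"):
            findings[name] = "ok: limited to listed hosts"
        else:
            findings[name] = "ACL %s permits more than single hosts" % acl
    return findings
```

This checks what the configuration says, not whether the router enforces it, so it does not settle the ACL-failure concern raised in the thread.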


