Hello everybody!
I have a question concerning FW-1's (v2.1, Solaris 2.5.1) SNMP daemon.
With the default communities, ISS Firewall Scanner was able to contact
it and fetch his MIB. Setting the communities to something non-obvious,
the scanner got no response from the port. But, isn't it vulnerable to a
brute-force password-guessing attack? It seems better to directly block
(with some rule o rules) any connection to the daemon.
I tried many rules for blocking SNMP (with the default communities), but
the scanner allways got the MIB. Even the default "catch-all" rule
doesn't take effect!
The question is: how can I block a connection to SNMP daemon?
As another question, is it possible to log a SecuRemote site creation? I
mean seeing when anybody configures my FW-1 as a site for his SecuRemote
client.
TIA
--
Sergio E. Bollini
LighTech Voice: (54-1) 373-1141
Ayacucho 563. Piso 13 Dto "A" FAX: (54-1) 373-1215
Buenos Aires e-mail: sbollini @
lightech .
com .
ar
Argentina URL: http://www.lightech.com.ar
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
|
|
