> -----Original Message-----
> From: Stackpole, Bill
> Sent: Wednesday, September 03, 1997 12:32 PM
> To: 'Juan Francisco Lopez'
> Subject: RE: SNMP security holes?!
>
>
>
> -----Original Message-----
> From: Juan Francisco Lopez [SMTP:flopez @ wizard . infovia . com . gt]
> Sent: Tuesday, September 02, 1997 2:18 PM
> To: firewalls @ GreatCircle . com
> Subject: SNMP security holes?!
>
> Hello everyone!
>
> Does any of you know of any security holes that are related to the use
> of SNMP?
>
> [Bill Stackpole] SNMP does really have any security built into it.
> There are community strings that permit/deny access to the agent on a
> device but these are passed across the wire in plain text. You can use
> something that is difficult to guess and for sure change the defaults!
>
> Can someone break into a network by using any SNMP-based tool?
>
> [Bill Stackpole] Yes, if the person knows the "write" community string
> they can alter just about anything on a device. Including the security
> access lists. If I disable your security filter then I'm free to attack
> anything at your site.
>
> What are the recommended filters to put into the routers and/or servers
> in order to avoid any break-through?
>
> [Bill Stackpole] Don't enable SNMP on your security router. Filter out
> the SNMP ports for UDP and TCP on the security router. Make the
> read/write community string obscure (i.e., try2guessthis1) and, if your
> SNMP manager allows, make them different for each device.
>
> TIA for any feedback...
>
> Francisco
> IIDS-Infovia
> Guatemala, C.A.
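
The point made in the reply above, that community strings cross the wire in plain text, shown as an added example that is not part of the original messages: a small BER reader that pulls the community string out of an SNMPv1/v2c message header and flags default strings and write attempts. The function names, the `DEFAULT_COMMUNITIES` set and the sample packets are this example's own; the packets are constructed in the script, not captured.

```python
DEFAULT_COMMUNITIES = {b"public", b"private"}  # widely shipped defaults

def read_tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of packet")
    return tag, buf[pos:pos + length], pos + length

def parse_snmp_header(packet):
    """Return (version, community, pdu_tag) of an SNMPv1/v2c message."""
    tag, body, _ = read_tlv(packet, 0)
    t_ver, version, pos = read_tlv(body, 0)
    t_com, community, pos = read_tlv(body, pos)
    if (tag, t_ver, t_com) != (0x30, 0x02, 0x04):  # SEQUENCE, INTEGER, OCTET STRING
        raise ValueError("not an SNMPv1/v2c message header")
    pdu_tag, _, _ = read_tlv(body, pos)
    return int.from_bytes(version, "big"), community, pdu_tag

def audit(packet):
    """List findings for one SNMP message observed on your own network."""
    version, community, pdu_tag = parse_snmp_header(packet)
    findings = []
    if version in (0, 1):  # 0 = SNMPv1, 1 = SNMPv2c: no encryption of the header
        findings.append("community readable in cleartext: %r" % community)
    if community in DEFAULT_COMMUNITIES:
        findings.append("default community string in use")
    if pdu_tag == 0xA3:  # SetRequest PDU
        findings.append("SetRequest: write community exposed on the wire")
    return findings

def tlv(tag, body):  # builder for the constructed samples (short lengths only)
    return bytes([tag, len(body)]) + body

def sample(community, pdu_tag):
    pdu = tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x30, b"")
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + tlv(pdu_tag, pdu))

if __name__ == "__main__":
    for pkt in (sample(b"public", 0xA0), sample(b"try2guessthis1", 0xA3)):
        print(audit(pkt))
```

The second sample uses the hard-to-guess string from the reply: it is no longer a default, but it is still recovered verbatim from the packet, which is why the advice to filter SNMP at the security router matters as much as the choice of string.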