slipy120
asked on
PCI DSS and UDP port 161
Hello,
Today we ran a PCI DSS compliance check and failed due to UDP port 161 being open. My first thought was "Ok, I'll just close it".
We have Charter Business and they now lock admin access to the modem/router and do not let customers access the device. So my next step was to call Charter and have them close the port on my device and they said they do not do that, only port forwarding. I could always have the Charter modem bridged and add a router behind the modem and block the port there, but this is a small business, one PC and CC terminal are the only devices and I do not want to add the cost of a new device. Also the employees are not tech savy and having another device for them to deal with would be cumbersome.
Do I have options or do I have to suck it up and add a separate router?
Today we ran a PCI DSS compliance check and failed due to UDP port 161 being open. My first thought was "Ok, I'll just close it".
We have Charter Business and they now lock admin access to the modem/router and do not let customers access the device. So my next step was to call Charter and have them close the port on my device and they said they do not do that, only port forwarding. I could always have the Charter modem bridged and add a router behind the modem and block the port there, but this is a small business, one PC and CC terminal are the only devices and I do not want to add the cost of a new device. Also the employees are not tech savy and having another device for them to deal with would be cumbersome.
Do I have options or do I have to suck it up and add a separate router?
Last Comment
ASKER
Router is in routed mode. The only devices are the credit terminal and the PC and both have a local IP address.
UDP 161 is SNMP polling/managment port.
if you have a linux system, use snmpwalk -v 2c -p public <Public IP of the remote Side> and see what you get returned.
Check with the charter to see whether they have that port enable so they can monitor traffic/bandwidth usage.
Alternatively, locate a windows SNMP walker tool.
and see what it reports.
if you have a linux system, use snmpwalk -v 2c -p public <Public IP of the remote Side> and see what you get returned.
Check with the charter to see whether they have that port enable so they can monitor traffic/bandwidth usage.
Alternatively, locate a windows SNMP walker tool.
and see what it reports.
FYI .... SNMP runs on ports 160 and 161, if you want to leave these open for remote
management, the danger is that an attacker might also find out that these ports are open and get an in-depth look at the network.
Check PCI DSS 3.1 at requirement 1.1.6 https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf
For compliance enable snmp v3
management, the danger is that an attacker might also find out that these ports are open and get an in-depth look at the network.
Check PCI DSS 3.1 at requirement 1.1.6 https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf
For compliance enable snmp v3
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
None of the provided solutions were valid.
Routers
A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.
49K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
I.e. The charter device/router is already in bridge mode.
Gave the user get network status/display ip if it is anything other than 10.x.x.x 172.16-31.x.x or 192.168.x.x they have a public ip, and have to go though the network and disable/disallow SNMP port access from everything.
Alternatively, check with charter what mode us their device in routed/bridged? I think they should be able to tell you.