slipy120


PCI DSS and UDP port 161

Hello,

Today we ran a PCI DSS compliance check and failed due to UDP port 161 being open. My first thought was "Ok, I'll just close it".

We have Charter Business and they now lock admin access to the modem/router and do not let customers access the device. So my next step was to call Charter and have them close the port on my device and they said they do not do that, only port forwarding. I could always have the Charter modem bridged and add a router behind the modem and block the port there, but this is a small business, one PC and CC terminal are the only devices and I do not want to add the cost of a new device. Also the employees are not tech savvy and having another device for them to deal with would be cumbersome.

Do I have options or do I have to suck it up and add a separate router?

arnold

Double check that the computer is not the one exposing port 161 (SNMP) polling port.
I.e., the Charter device/router is already in bridge mode.

Have the user get network status/display IP; if it is anything other than 10.x.x.x, 172.16-31.x.x or 192.168.x.x they have a public IP, and have to go through the network and disable/disallow SNMP port access from everything.

Alternatively, check with Charter what mode their device is in, routed/bridged? I think they should be able to tell you.
slipy120

ASKER

Router is in routed mode. The only devices are the credit terminal and the PC and both have a local IP address.
arnold

UDP 161 is SNMP polling/management port.

If you have a Linux system, use snmpwalk -v 2c -c public <Public IP of the remote Side> and see what you get returned.

Check with Charter to see whether they have that port enabled so they can monitor traffic/bandwidth usage.

Alternatively, locate a Windows SNMP walker tool and see what it reports.
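
An added example, not part of the original thread or any poster's code: a Python version of the two checks described above, testing whether an address falls in the private ranges listed and sending one SNMPv2c GetRequest for sysDescr.0 to UDP 161 to see whether anything answers. The function names and the single-byte request ID are assumptions made for the illustration.

```python
import ipaddress
import socket
import sys

# BER-encoded OID 1.3.6.1.2.1.1.1.0 (sysDescr.0)
SYS_DESCR_OID = bytes.fromhex("2b06010201010100")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is in 10.x.x.x, 172.16-31.x.x or 192.168.x.x."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def tlv(tag, payload):
    """BER tag-length-value; short-form length covers this small message."""
    if len(payload) > 127:
        raise ValueError("payload too long for short-form length")
    return bytes([tag, len(payload)]) + payload

def build_get(community, request_id=1):
    """SNMPv2c GetRequest for sysDescr.0 (request_id limited to 0..127)."""
    varbind = tlv(0x30, tlv(0x06, SYS_DESCR_OID) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id]))   # request-id
                    + tlv(0x02, b"\x00")             # error-status
                    + tlv(0x02, b"\x00")             # error-index
                    + tlv(0x30, varbind))            # varbind list
    version = tlv(0x02, b"\x01")                     # 1 = SNMPv2c
    return tlv(0x30, version + tlv(0x04, community.encode()) + pdu)

def snmp_answers(host, community="public", timeout=3.0):
    """Send one GetRequest to UDP 161; True if an SNMP message comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_get(community), (host, 161))
            data, _ = s.recvfrom(4096)
        except OSError:  # includes socket.timeout
            return False
    return len(data) > 0 and data[0] == 0x30

if __name__ == "__main__":
    # Usage: python check161.py <address> [<address> ...]
    for host in sys.argv[1:]:
        scope = "private (RFC 1918)" if is_rfc1918(host) else "public"
        print(host, scope, "SNMP reply:", snmp_answers(host))
```

Run it from outside the network against the public address and from inside against each local device. A `False` only means nothing answered that community string within the timeout, not that UDP 161 is filtered.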
madunix

FYI... SNMP runs on ports 160 and 161. If you want to leave these open for remote management, the danger is that an attacker might also find out that these ports are open and get an in-depth look at the network.

Check PCI DSS 3.1 at requirement 1.1.6: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf
For compliance, enable SNMP v3.
ASKER CERTIFIED SOLUTION
slipy120

slipy120

ASKER

None of the provided solutions were valid.