Solved

SNMP question

Posted on 2016-10-12
4
40 Views
Last Modified: 2016-10-28
Recently I received a call from our security team and they found a cisco router could be accessed thru 3 public fixed IP with SNMP.
I checked the router config but did not see any clue.
Would there be any thing I should look further in the router in order to verify?
0
Comment
Question by:techy98
  • 2
4 Comments
 
LVL 20

Expert Comment

by:netcmh
ID: 41840246
Once logged in, issue the "show running-config |  inc snmp-server" command.

You'll see:

snmp-server community public RO

or something like that. Change it to something more secure and turn off SNMP access from the outside via ACLs.
1
 

Author Comment

by:techy98
ID: 41840390
Thanks Netcmh! For example, if the range of public fixed ip is 1.1.1.0/25, then 1.1.1.30, 1.1.1.31 and 1.1.1.126 can be accessed from outside and SNMP v2 can only be used. Based on your suggestion, should I configure like this?

conf t
access-list 110 deny udp any any eq snmp
access-list 110 permit ip any any interface f0/0
access-group 110 in
0
 
LVL 20

Expert Comment

by:netcmh
ID: 41840401
Close.

conf t
 access-list 110 deny udp any any eq snmp
 access-list 110 permit ip any any
interface f0/0
 access-group 110 in
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 41840675
Before adding the above, make sure what the current external acces list if any us applied, usually incoming ACL includes access restriction I.e. Management of the device from dedicated locations.
The scan might be originating from "authorized" location within the company I.e. The restriction is in place from external sources.

There are SNMP tools, try to see if you can access it from outside your companies network
1

Featured Post

Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now