Solved

SNMP question

Posted on 2016-10-12
4
43 Views
Last Modified: 2016-10-28
Recently I received a call from our security team and they found a cisco router could be accessed thru 3 public fixed IP with SNMP.
I checked the router config but did not see any clue.
Would there be any thing I should look further in the router in order to verify?
0
Comment
Question by:techy98
  • 2
4 Comments
 
LVL 20

Expert Comment

by:netcmh
ID: 41840246
Once logged in, issue the "show running-config |  inc snmp-server" command.

You'll see:

snmp-server community public RO

or something like that. Change it to something more secure and turn off SNMP access from the outside via ACLs.
1
 

Author Comment

by:techy98
ID: 41840390
Thanks Netcmh! For example, if the range of public fixed ip is 1.1.1.0/25, then 1.1.1.30, 1.1.1.31 and 1.1.1.126 can be accessed from outside and SNMP v2 can only be used. Based on your suggestion, should I configure like this?

conf t
access-list 110 deny udp any any eq snmp
access-list 110 permit ip any any interface f0/0
access-group 110 in
0
 
LVL 20

Expert Comment

by:netcmh
ID: 41840401
Close.

conf t
 access-list 110 deny udp any any eq snmp
 access-list 110 permit ip any any
interface f0/0
 access-group 110 in
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 41840675
Before adding the above, make sure what the current external acces list if any us applied, usually incoming ACL includes access restriction I.e. Management of the device from dedicated locations.
The scan might be originating from "authorized" location within the company I.e. The restriction is in place from external sources.

There are SNMP tools, try to see if you can access it from outside your companies network
1

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question