Solved

SNMP question

Posted on 2016-10-12
4
38 Views
Last Modified: 2016-10-28
Recently I received a call from our security team and they found a cisco router could be accessed thru 3 public fixed IP with SNMP.
I checked the router config but did not see any clue.
Would there be any thing I should look further in the router in order to verify?
0
Comment
Question by:techy98
  • 2
4 Comments
 
LVL 20

Expert Comment

by:netcmh
ID: 41840246
Once logged in, issue the "show running-config |  inc snmp-server" command.

You'll see:

snmp-server community public RO

or something like that. Change it to something more secure and turn off SNMP access from the outside via ACLs.
1
 

Author Comment

by:techy98
ID: 41840390
Thanks Netcmh! For example, if the range of public fixed ip is 1.1.1.0/25, then 1.1.1.30, 1.1.1.31 and 1.1.1.126 can be accessed from outside and SNMP v2 can only be used. Based on your suggestion, should I configure like this?

conf t
access-list 110 deny udp any any eq snmp
access-list 110 permit ip any any interface f0/0
access-group 110 in
0
 
LVL 20

Expert Comment

by:netcmh
ID: 41840401
Close.

conf t
 access-list 110 deny udp any any eq snmp
 access-list 110 permit ip any any
interface f0/0
 access-group 110 in
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 41840675
Before adding the above, make sure what the current external acces list if any us applied, usually incoming ACL includes access restriction I.e. Management of the device from dedicated locations.
The scan might be originating from "authorized" location within the company I.e. The restriction is in place from external sources.

There are SNMP tools, try to see if you can access it from outside your companies network
1

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now