Tech or Treat! Write an article about your scariest tech disaster to win gadgets!Learn more

x
?
Solved

SNMP question

Posted on 2016-10-12
4
Medium Priority
?
52 Views
Last Modified: 2016-10-28
Recently I received a call from our security team and they found a cisco router could be accessed thru 3 public fixed IP with SNMP.
I checked the router config but did not see any clue.
Would there be any thing I should look further in the router in order to verify?
0
Comment
Question by:techy98
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 21

Expert Comment

by:netcmh
ID: 41840246
Once logged in, issue the "show running-config |  inc snmp-server" command.

You'll see:

snmp-server community public RO

or something like that. Change it to something more secure and turn off SNMP access from the outside via ACLs.
1
 

Author Comment

by:techy98
ID: 41840390
Thanks Netcmh! For example, if the range of public fixed ip is 1.1.1.0/25, then 1.1.1.30, 1.1.1.31 and 1.1.1.126 can be accessed from outside and SNMP v2 can only be used. Based on your suggestion, should I configure like this?

conf t
access-list 110 deny udp any any eq snmp
access-list 110 permit ip any any interface f0/0
access-group 110 in
0
 
LVL 21

Expert Comment

by:netcmh
ID: 41840401
Close.

conf t
 access-list 110 deny udp any any eq snmp
 access-list 110 permit ip any any
interface f0/0
 access-group 110 in
0
 
LVL 80

Accepted Solution

by:
arnold earned 1500 total points
ID: 41840675
Before adding the above, make sure what the current external acces list if any us applied, usually incoming ACL includes access restriction I.e. Management of the device from dedicated locations.
The scan might be originating from "authorized" location within the company I.e. The restriction is in place from external sources.

There are SNMP tools, try to see if you can access it from outside your companies network
1

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Ransomware, the malware that locks down its victim’s files until they pay up, has always been a frustrating issue to deal with. However, a recent mobile ransomware will make the issue a little more personal… by sharing the victim’s mobile browsing h…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

647 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question