SNMP Network Vulnerability

Question: 
While we are not using any SNMP, we are using some products which the vendors have included in the 'vulnerable' category. Considering that we are not using SNMP, is our network still vulnerable?
Answer: 

Whether you're using SNMP or not, you may still be vulnerable to the new SNMP exploit. However, it is important to note that SNMP is a vulnerability in and of itself. Simple Network Management Protocol (SNMP) allows remote machines to collect data about the devices it runs on. Configurations, user accounts, network addresses, and much more information is stored within the Management Information Base (MIB) structure of SNMP. As a best practice, your perimeter router should be filtering all SNMP traffic. This will prevent any external user from "pulling" this information from your devices. In your access lists, at a minimum, deny ports 161 and 162 (both TCP and UDP).

The Computer Emergency Response Team (CERT) at Carnegie Mellon University has additional information on the subject in their advisory: http://www.cert.org/advisories/CA-2002-03.html. According to their testing, equipment that disabled SNMP could still be vulnerable to the denial of service attack. To play it safe, and as good security practice, block the ports listed above and in the CERT advisory. NOTE: Disabling this service will prevent your ISP from collecting statistics on your Internet connection. Contact your ISP for guidance.

First published on BankersOnline.com 3/4/02
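
An added example, not part of the original answer or of any vendor tool: a small Python check that reads an access list written in an assumed subset of Cisco IOS extended-ACL syntax ("any any" endpoints only) and reports which of the four SNMP flows the answer names (ports 161 and 162, TCP and UDP) the list still permits. The function names and both sample lists are constructed for illustration.

```python
import re

# Flows the answer says to deny: ports 161 and 162, both TCP and UDP.
SNMP_FLOWS = [(proto, port) for proto in ("tcp", "udp") for port in (161, 162)]
NAMED = {"snmp": 161, "snmptrap": 162}  # IOS-style port keywords
# Assumed subset of Cisco IOS extended-ACL syntax: "any any" endpoints only.
RULE = re.compile(r"access-list \d+ (permit|deny) (ip|tcp|udp) any any"
                  r"(?: (eq|range) (\S+)(?: (\S+))?)?$")

def _port(token):
    return NAMED.get(token) or int(token)

def parse(acl_text):
    """Return ordered (action, proto, lo, hi) rules; reject unsupported lines."""
    rules = []
    for raw in acl_text.splitlines():
        line = " ".join(raw.split())
        if not line or line.startswith("!"):
            continue
        m = RULE.match(line)
        if not m or (m.group(3) == "range") != (m.group(5) is not None):
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto, op, a, b = m.groups()
        lo = _port(a) if op else 0
        hi = _port(b) if op == "range" else (lo if op else 65535)
        rules.append((action, proto, lo, hi))
    return rules

def snmp_exposure(acl_text):
    """List permitted SNMP flows: first match wins, no match is implicit deny."""
    rules, exposed = parse(acl_text), []
    for proto, port in SNMP_FLOWS:
        for action, rule_proto, lo, hi in rules:
            if rule_proto in ("ip", proto) and lo <= port <= hi:
                if action == "permit":
                    exposed.append((proto, port))
                break
    return exposed

# Constructed samples: SHADOWED has a broad permit ahead of the UDP deny.
SHADOWED = """access-list 101 permit udp any any
access-list 101 deny udp any any range 161 162
access-list 101 deny tcp any any range 161 162
access-list 101 permit ip any any"""
FIXED = """access-list 101 deny udp any any eq snmp
access-list 101 deny udp any any eq snmptrap
access-list 101 deny tcp any any range 161 162
access-list 101 permit ip any any"""
if __name__ == "__main__":
    print(snmp_exposure(SHADOWED), snmp_exposure(FIXED))
```

The shadowed list contains deny lines for every SNMP port, yet UDP 161 and 162 still pass because the router stops at the first matching line; ordering matters as much as the presence of the denies.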
