HowTo - Disable an open SNMP server?

SNMP stands for Simple Network Management Protocol. It is a common protocol for network management.

 

Open SNMP server

If not correctly configured, open SNMP servers can be used to collect privileged information from the system or to write new settings to it. In addition, they can be used to perform a special type of DDoS attack, called an amplification attack.

 

In an amplification attack, an attacker turns a small amount of bandwidth coming from a small number of machines into a massive traffic load hitting the victim.


Recommended Action

We advise you to only allow connections from trustworthy sources when configuring your SNMP server and firewall. You should also avoid using the widely used community strings 'public' or 'private', since these are easily guessed.

Usually, this boils down to blocking or restricting access to port 161/udp on your VPS. You can use the following commands to check whether your server is vulnerable:

 

$ snmpget -c public -v 2c <IP address here> 1.3.6.1.2.1.1.1.0
$ snmpget -c public -v 2c <IP address here> 1.3.6.1.2.1.1.5.0
$ nmap -sU -p 161 <IP address here>

 

How to close it?

Debian:

$ sudo ufw deny 161

 

CentOS:

$ sudo firewall-cmd --zone=public --permanent --remove-port=161/udp
$ sudo firewall-cmd --reload
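
If SNMP has to stay enabled for trusted sources, the server's own configuration can be checked against the recommendation above (no 'public' or 'private' community strings, no unrestricted sources). The script below is an added example, not part of the original article. It assumes the net-snmp agent and its rocommunity, rwcommunity and com2sec directives; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag guessable community strings and unrestricted sources
# in a net-snmp snmpd.conf. Reads the file named in $1, or stdin if none.
audit_snmpd_conf() {
    awk '
    function weak(c)     { return (c == "public" || c == "private") }
    # A missing source, "default", or a zero-length prefix matches any host.
    function open_src(s) { return (s == "" || s == "default" || s == "0.0.0.0/0" || s == "::/0") }
    function report(comm, src) {
        if (weak(comm))    printf "line %d: guessable community \"%s\"\n", NR, comm
        if (open_src(src)) printf "line %d: %s accepts any source\n", NR, $1
    }
    { sub(/#.*/, ""); d = tolower($1) }     # drop comments, normalise directive
    NF == 0 { next }
    # rocommunity|rwcommunity[6] COMMUNITY [SOURCE [OID]]
    d ~ /^r[ow]community6?$/ { report($2, $3); next }
    # com2sec[6] [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
    d ~ /^com2sec6?$/ {
        s = ($2 == "-Cn") ? 5 : 3
        report($(s + 1), $s)
    }
    ' "${1:--}"
}

# Constructed sample configuration (hypothetical values, documentation IP ranges).
sample_conf() {
    cat <<'EOF'
# constructed sample, not from a real host
rocommunity public
rwcommunity private default
rocommunity s3cr3t-ro-7f2a 192.0.2.10
com2sec monitor 198.51.100.0/24 x9-monitoring
com2sec anyone default public
EOF
}

sample_conf | audit_snmpd_conf
```

To audit a live host, call `audit_snmpd_conf /etc/snmp/snmpd.conf` (the usual net-snmp location, assumed here; adjust if yours differs).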




 

 

 
