How can I disable an open SNMP server?

What is an open SNMP server?
Simple Network Management Protocol (SNMP) is a common protocol for network management.

Open SNMP Servers can be used to collect privileged information from the system or even to write new 'settings' to the system if not correctly configured.

In addition, it can be used in performing a special type of DDoS attack called an "amplification attack".

Amplification attacks result in an attacker turning a small amount of bandwidth coming from a small number of machines into a massive traffic load hitting the attacked victim.

Recommended Action
You should configure your SNMP server and firewall to only allow connections from trusted sources. You should also never use the commonly used community strings "public" or "private" as these are easily guessed.

Usually, this boils down to blocking or restricting access to port 161/udp on your VPS. You can use the following commands below to see if your server is vulnerable:

snmpget -c public -v 2c <IP address here> 1.3.6.1.2.1.1.1.0
snmpget -c public -v 2c <IP address here> 1.3.6.1.2.1.1.5.0
nmap -sU -p 161 <IP address here>

 

 




 

 
Hebt u meer vragen? Een aanvraag indienen

0 Opmerkingen

Artikel is gesloten voor opmerkingen.