LinuxQuestions.org
Old 01-14-2008, 07:19 AM   #1
b0nd
Senior Member
 
Registered: Jan 2005
Distribution: Slackware, BackTrack, Windows XP
Posts: 1,020

Rep: Reputation: 45
SNMP configuration in cisco routers


Hello all,
This is probably not a Linux question, so I am putting it in the general forum.

I have found that routers running SNMP on UDP port 161 generally have very weak RO and sometimes RW community strings, which can be found using either a dictionary attack or brute forcing.
Why are these community strings available to the world (RO at least)?

Is there not any way that we can configure SNMP on the router but give access to it from the intranet only and not from the internet?
How do I configure that?


regards
 
Old 01-14-2008, 08:02 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
of course there's a way, there are loads. firstly it is *YOUR* responsibility to use a good community string in the first place. if the RO string is still "public", then you deserve all you get, right?

after that, standard access lists can be attached to a community string:

Code:
Router(config)# snmp-server community c0m4cc3ss ro SNMPCLIENTS
where SNMPCLIENTS is an access list defining clients.

and of course you should be putting your routers behind well configured firewalls...
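
An added example, not part of the thread or any poster's code: a short Python audit of an IOS running-config that reports SNMP community lines which use a default string, carry no access list, reference an access list that is not defined, or grant RW. The sample config is constructed; the 10.0.0.0/24 management subnet, the second and third community lines and ACL number 99 are assumptions, while c0m4cc3ss and SNMPCLIENTS come from the post above.

```python
import re

# Constructed sample running-config (not from the thread). 10.0.0.0/24 is an
# assumed intranet management subnet; c0m4cc3ss/SNMPCLIENTS are from the post.
SAMPLE_CONFIG = """\
ip access-list standard SNMPCLIENTS
 permit 10.0.0.0 0.0.0.255
 deny   any log
!
snmp-server community c0m4cc3ss RO SNMPCLIENTS
snmp-server community public RO
snmp-server community n0c-wr1te RW 99
"""

DEFAULT_STRINGS = {"public", "private"}
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (ro|rw))?(?: (\S+))?\s*$", re.I)
NAMED_ACL_RE = re.compile(r"^ip access-list standard (\S+)", re.I)
NUMBERED_ACL_RE = re.compile(r"^access-list (\d+) ", re.I)

def audit_snmp(config):
    """Return (community, finding) tuples for every weak community line."""
    lines = config.splitlines()
    defined = set()  # names/numbers of ACLs that the config actually defines
    for line in lines:
        m = NAMED_ACL_RE.match(line) or NUMBERED_ACL_RE.match(line)
        if m:
            defined.add(m.group(1))
    findings = []
    for line in lines:
        m = COMMUNITY_RE.match(line.strip())
        if not m:
            continue
        # IOS treats a community with no ro/rw keyword as read-only.
        name, mode, acl = m.group(1), (m.group(2) or "ro").lower(), m.group(3)
        if name.lower() in DEFAULT_STRINGS:
            findings.append((name, "default community string"))
        if acl is None:
            findings.append((name, "no access list: not restricted by source address"))
        elif acl not in defined:
            findings.append((name, "access list %s is not defined" % acl))
        if mode == "rw":
            findings.append((name, "read-write community"))
    return findings

if __name__ == "__main__":
    for community, finding in audit_snmp(SAMPLE_CONFIG):
        print("%s: %s" % (community, finding))
```
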
 
Old 01-15-2008, 01:40 AM   #3
b0nd
Senior Member
 
Registered: Jan 2005
Distribution: Slackware, BackTrack, Windows XP
Posts: 1,020

Original Poster
Rep: Reputation: 45
Ok thanks,
Is there anything which can be configured on the router from its GUI instead of configuring the ACLs?


regards
 
Old 01-15-2008, 03:25 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
No idea. Learn IOS properly. it's great.
 
  

