Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Is my router owned? How would I know?

  • From: Mikael Abrahamsson
  • Date: Sat Jan 14 05:26:49 2006

On Sat, 14 Jan 2006, Alexei Roudnev wrote:

Some Cisco IOS'es have numerous bugs, related to SNMP (I watched few cases,
when all Cisco's 72xx lost configuration becuase of receivbing something
bogus), so SNMP should be filtered out from public internet.
The major problem people forget is that snmp is UDP and if there is any way what so ever to spoof your management station, someone will be able to upload your config to whereever unless you have tightened down what can be done via snmp write.

As soon as they have your config they're likely to be able to progress further unless you have very tight security.

Also remember that the private key for SSH is in the config so if they get it, ssh offers no protection either.

Rule of thumb: All keys (tacacs keys, snmp communities etc) should be unique for each device, so if someone gets the config, they cannot use the information on other devices in your network.

--
Mikael Abrahamsson email: swmike@swm.pp.se




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.