Group_B | 2 days ago
You're secure if you don't expose SNMP. Can't believe there are that many devices out there with that exposed though.
EvanAnderson | 2 days ago
> You're secure if you don't expose SNMP.

Depends what you mean by "expose". Some people could read that as "exposed to the Internet". I'm reading it as "exposed to anything". This looks like good fun for doing lateral movement inside a network. I know of lots of environments with SNMPv2 wide open for "internal" networks to access. Plus SNMP is UDP-based, so likely the exploit will work with a one-way path and spoofed source addresses.
wil421 | 2 days ago
There’s no way ISPs can function without SNMP. I think network management is like 1/3 of all traffic. We process billions and billions of traps daily. These are not on internet-connected networks and some have dedicated channels. How did the attacker get the community string?
duxup | 2 days ago
It's damned if you do, damned if you don't. For smaller operations I think just disabling SNMP is safer due to constant bugs and issues. On the other hand, bigger operations, you gotta monitor your devices. But now you’re open to the can of worms.
FuriouslyAdrift | 2 days ago
good old SNMP v1 private/private