We’re trying to activate a new peering connection with a partnet but we’re being denied because, according to them, our SNMP is answering requests on v3 and this can be abused for DDoS attacks.
Here’s the results with snmpwalk.
[root@dnslookup ~]# snmpwalk -v1 -c public 10.112.194.2
Timeout: No Response from 10.112.194.2
[root@dnslookup ~]# snmpwalk -v2c -c public 10.112.194.2
Timeout: No Response from 10.112.194.2
[root@dnslookup ~]# snmpwalk -v3 -c public 10.112.194.2
snmpwalk: No securityName specified
We’ve tried every single configuration in SNMP settings and it doesn’t matter what we change, v3 always answers back, changing the community name, authorized/private security, authentication/encryption methods/passwords, allowed IPs, everything.
The only way I managed to get the last snmpwalk above to timeout was by disabling SNMP on the router altogether.
[root@dnslookup ~]# snmpwalk -v3 -c public 10.112.194.2
snmpwalk: Timeout
Does anyone know a way to prevent this besides enabling the firewall just to filter it out?