parsec
just joined
Topic Author
Posts: 13
Joined: Tue Apr 01, 2014 1:44 pm

SNMP Close

Wed Jul 16, 2014 7:22 pm

Can someone please advise me how to close ports 161 and 162, as there is a service that tests my line for issues and I need to fix the issue below?
Summary:
SNMP is enabled and may be vulnerable

Risk: High (3)
Port: 161/udp
Protocol: udp
Threat ID: net_snmp_snmp

Details: CVE 2002-0012
CVE 2002-0013
CVE 2002-0053
Vulnerabilities in many different implementations of
SNMPv1 could allow a remote attacker to create a denial of
service or gain unauthorized access.
The type and severity of the problem varies with different
vendors. Vulnerabilities
may include buffer overflows, format string problems, or
improper data handling in either the request handling or
trap handling portions of the protocol implementation.
Some exploits would require an attacker to supply a correct
read-only or read-write community string
for the device, but other exploits would not.
06/12/02
CVE 2002-0796
CVE 2002-0797
SunOS 5.6 through 5.8 (Solaris 2.6 through 8) also run a set
of daemons on high numbered UDP ports which
manage specific types of traps
received on port 162. A buffer overflow in one of these
managers, mibiisa, combined with a format string
problem in the SNMP daemon, could allow a remote attacker
to gain root access.

Information From Target:
Service: snmp
 
Kickoleg
Member Candidate
Posts: 129
Joined: Tue Mar 11, 2014 3:13 pm
Location: Yverdon-les-Bains, Suisse

Re: SNMP Close

Wed Jul 16, 2014 7:33 pm

/ip firewall filter add chain=input dst-port=162,163 protocol=udp action=block
 
parsec
just joined
Topic Author
Posts: 13
Joined: Tue Apr 01, 2014 1:44 pm

Re: SNMP Close

Wed Jul 16, 2014 8:09 pm

I tried to find the block action, but there is none in the filter rules?
Thank you
 
janisk
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: SNMP Close

Thu Jul 17, 2014 12:00 pm

From the vulnerability description, RouterOS is not prone to these problems, as it has very limited write access.

On the other hand, SNMP with some security enabled would be nice; just configure your community appropriately. The first step is to disable the public community that is set there by default.

If you want to simply block it for other hosts, you can create a rule that will match IP addresses against an address-list and reject packets like this:

/ip firewall filter add chain=input src-address-list=trusted action=accept
and for the rest of field
/ip firewall filter add chain=input action=reject reject-with=icmp-port-unreachable

or these ports will be flagged as open anyway, since an ICMP port unreachable message is the expected reply from the remote host.
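
The steps from the reply above written out as one RouterOS configuration, added here as an example and not part of any post in the thread. It narrows the firewall rules to the SNMP ports (UDP 161 and 162); the address 192.0.2.10 and the rule comments are constructed placeholders.

```routeros
# Added example, not from the thread.
# 192.0.2.10 is a constructed placeholder for the one host allowed to poll SNMP.

# Option 1: SNMP is not needed at all, so switch the service off.
/snmp set enabled=no

# Option 2: SNMP stays enabled but is locked down.
# Stop the default "public" community from answering reads or writes.
/snmp community set [find name=public] read-access=no write-access=no

# Address list of hosts that may poll the router.
/ip firewall address-list add list=trusted address=192.0.2.10 comment="SNMP poller (placeholder)"

# Accept SNMP queries only from the trusted list.
/ip firewall filter add chain=input protocol=udp dst-port=161 \
    src-address-list=trusted action=accept comment="SNMP from trusted hosts"

# Everyone else gets ICMP port unreachable, the reply a closed UDP port gives.
# RouterOS has no action=block: "drop" discards silently, "reject" sends a reply.
# With "drop", a UDP scan gets no answer and may still report the port as open.
/ip firewall filter add chain=input protocol=udp dst-port=161,162 \
    action=reject reject-with=icmp-port-unreachable comment="SNMP closed for other hosts"

# "add" appends to the end of the chain, so confirm that no earlier input rule
# accepts this traffic before it reaches the two rules above.
/ip firewall filter print where chain=input
/snmp community print
```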
 
parsec
just joined
Topic Author
Posts: 13
Joined: Tue Apr 01, 2014 1:44 pm

Re: SNMP Close

Thu Jul 17, 2014 2:47 pm

Thank you for your time.
I thought you might like to know:
public community: it was disabled.
I am not allowed to block specific IPs since those are used for PCI compliance testing.

I finally got a good test back, but after I reset the router to factory defaults 3 times.

I am in the queue for testing one more time to see what the results will be.
