Railander

SNMP v3 open

Thu Aug 31, 2017 11:48 pm

We're trying to activate a new peering connection with a partner but we're being denied because, according to them, our SNMP is answering requests on v3 and this can be abused for DDoS attacks.
Here are the results with snmpwalk:
[root@dnslookup ~]# snmpwalk -v1 -c public 10.112.194.2
Timeout: No Response from 10.112.194.2
[root@dnslookup ~]# snmpwalk -v2c -c public 10.112.194.2
Timeout: No Response from 10.112.194.2
[root@dnslookup ~]# snmpwalk -v3 -c public 10.112.194.2
snmpwalk: No securityName specified
We've tried every single configuration in SNMP settings and it doesn't matter what we change, v3 always answers back: changing the community name, authorized/private security, authentication/encryption methods/passwords, allowed IPs, everything.

The only way I managed to get the last snmpwalk above to time out was by disabling SNMP on the router altogether.
[root@dnslookup ~]# snmpwalk -v3 -c public 10.112.194.2
snmpwalk: Timeout
Does anyone know a way to prevent this besides enabling the firewall just to filter it out?
