Yes, you risk exposing internal network info to outside attackers on any router that's facing the interwebs. Using a community string other than public or private is usually sufficient for security by obscurity, but I would lock it down a bit more.

On 3/17/2015 10:45 PM, Kurt Fankhauser wrote:
Even if it's just for read-only access?


Kurt Fankhauser
Wavelinc Communications
P.O. Box 126
Bucyrus, OH 44820
http://www.wavelinc.com
tel. 419-562-6405
fax. 419-617-0110


On Tue, Mar 17, 2015 at 11:43 PM, George Skorup (Cyber Broadcasting) wrote:

    Uh, yeah. You could also lock down the SNMP service to your NOC
    subnet(s), etc.

    On 3/17/2015 10:42 PM, Kurt Fankhauser wrote:
    I too have SNMP enabled on all 2011's. Should I be changing the
    community string to something other than public?


    Kurt Fankhauser



    On Tue, Mar 17, 2015 at 10:48 PM, Ken Hohhof wrote:

        Why do you say that? How do you monitor them without SNMP?
        You could certainly apply firewall rules to port 161 to
        restrict access if you are worried about DoS attacks or
        community string dictionary attacks.
        Is your comment specifically about the 2011?  I have SNMP
        enabled on all of mine.

        *From:* John Woodfield
        *Sent:* Tuesday, March 17, 2015 9:42 PM
        *Subject:* Re: [AFMUG] Inexpensive but great router

        +1 on 2011's but don't enable SNMP on them

        John Woodfield, President

        Delmarva WiFi Inc.

        410-870-WiFi



        -----Original Message-----
        From: "Brett A Mansfield"
        Sent: Tuesday, March 17, 2015 9:21pm
        Subject: [AFMUG] Inexpensive but great router

        Anyone have a suggestion on an inexpensive but really good
        router that can handle routing 4 VLANs and OSPF? I need to
        replace my EdgeRouters that panic weekly. I have one at each pop.

        Thank you,
        Brett A Mansfield




