>Well, against my protests, I am being directed to open these ports for SNMP
>through the Firewall.
>Could anyone please reply with URLs that discuss the security issues with
>opening these ports?
>
>Thanks for your time,
>
>John
>
>
>Port Type Protocol
>161 UDP SNMP
>162 UDP SNMP
>6665 UDP SNMP
>26017 UDP SNMP

If you can block all inbound "GET" and "PUT" and allow only the SNMP
responses, you should be OK. However, this requires looking inside the
SNMP packets. I have also seen references to SNMP proxies that may be
able to "sanitize" your SNMP traffic.

BTW, try to negotiate access to traffic counters from the external boxes.
One way we've found to detect new intrusion attempts comes from traffic
rate monitoring.

Bob Wilson
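
An added illustration, not part of either message: what "looking inside the SNMP packets" involves for a filter that lets only responses in. It assumes SNMPv1/v2c BER framing (SEQUENCE of version, community, PDU) and fails closed on anything else, SNMPv3 included; the function names, the policy set and the sample packet are constructed for this sketch.

```python
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap", 0xA8: "Report"}
ALLOWED_INBOUND = {0xA2}  # assumed policy for this sketch: responses only

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the BER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:
        n = first & 0x7F                  # long form: n length octets follow
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, pos, pos + length


def inbound_verdict(datagram):
    """Return (allow, reason) for one inbound UDP payload; fail closed."""
    try:
        tag, start, end = read_tlv(datagram, 0)
        if tag != 0x30 or end != len(datagram):
            return False, "not a single SEQUENCE"
        tag, v_start, v_end = read_tlv(datagram, start)
        if tag != 0x02 or datagram[v_start:v_end] not in (b"\x00", b"\x01"):
            return False, "not SNMPv1/v2c"
        tag, _, c_end = read_tlv(datagram, v_end)
        if tag != 0x04:
            return False, "missing community string"
        pdu_tag, _, p_end = read_tlv(datagram, c_end)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    if p_end != end:
        return False, "trailing data after PDU"
    name = PDU_NAMES.get(pdu_tag, f"unknown 0x{pdu_tag:02x}")
    return pdu_tag in ALLOWED_INBOUND, name


def sample(pdu_tag):
    """Constructed v1 packet: community "public", one varbind (sysDescr.0)."""
    return bytes.fromhex("302602010004067075626c6963" + f"{pdu_tag:02x}"
                         + "19020101020100020100300e300c06082b060102010101000500")
```

The verdict depends only on the PDU tag once the framing checks pass, so a stateless filter like this cannot tell a solicited response from an unsolicited one; matching request IDs to outbound queries would need state.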