I imagine that 161 is outbound from the inside network to the devices you are
monitoring via SNMP and 162 (trap) is inbound to the internal network from
the devices you are monitoring. Two things you want to do
are:
1. Block SNMP coming from the Internet on your Internet router.
2. Change the default SNMP read and read/write community string
defaults on all devices which are public and private to something else.
One risk of SNMP is that the SNMP-set PDU on port 161 can be used to
change a device's configuration. SNMP-get PDU on 161 can be used to
get information about a device's configuration. That's why I'd
block SNMP from the Internet. Also, community strings, which essentially
are passwords, are in plain text in most current implementations and
have a well known default.
If you block SNMP from the Internet and set up your FW rules to be
specifically from the monitoring device to/from the monitored device
you will be more secure. Sometimes SNMP is a necessary evil.
-Art
At 09:27 AM 3/14/00 -0500, Payton, John wrote:
>Well, against my protests, I am being directed to open these ports for SNMP
>through the Firewall.
>Could anyone please reply with URLs that discuss the security issues with
>opening these ports.
>
>Thanks for your time,
>
>John
>
>
>Port Type Protocol
>161 UDP SNMP
>162 UDP SNMP
>6665 UDP SNMP
>26017 UDP SNMP
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
===========================================
Art Coble
Lucent - Netcare Professional Services
Senior Network Consultant
Email: [EMAIL PROTECTED]
Page: 800 INS 1 INS
=============================================
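As an added example, not part of Art's message or the list thread: a small Python checker that decodes the cleartext community string and PDU type from SNMPv1/v2c datagrams and flags the conditions Art describes: default "public"/"private" strings, SNMP arriving from outside the inside network, port-161 requests from anything other than the monitoring station, and set-requests. The monitoring host address, the 10.0.0.0/8 inside network and the sample datagrams are constructed assumptions.

```python
import ipaddress

# PDU tags from SNMPv1/v2c (RFC 1157 / RFC 3416); default community strings named in the post.
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest", 0xA7: "SNMPv2-Trap"}
DEFAULT_COMMUNITIES = {"public", "private"}

def read_tlv(buf, pos):
    """Decode one BER tag-length-value at pos; returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length
def parse_snmp(payload):
    """Return (version, community, pdu_name) from SEQUENCE{version, community, PDU}."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)  # OCTET STRING, sent in cleartext
    pdu_tag, _, _ = read_tlv(msg, pos)
    return int.from_bytes(version, "big"), community.decode("latin-1"), PDU_NAMES.get(pdu_tag, hex(pdu_tag))

def audit(packets, monitoring_hosts, internal_net):
    """packets: (src_ip, dst_ip, dst_port, udp_payload) for UDP/161 and /162. Returns finding strings."""
    findings = []
    for src, dst, dport, payload in packets:
        _, community, pdu = parse_snmp(payload)
        checks = [
            (community in DEFAULT_COMMUNITIES, f"default community '{community}'"),
            (ipaddress.ip_address(src) not in internal_net, f"{pdu} from outside the inside network"),
            (dport == 161 and src not in monitoring_hosts, f"{pdu} on 161 from a non-monitoring host"),
            (pdu == "SetRequest", f"SetRequest (configuration change) with '{community}'"),
        ]
        findings += [f"{src}->{dst}: {msg}" for hit, msg in checks if hit]
    return findings

def tlv(tag, body):  # short-form BER encoder, enough for the constructed samples below
    return bytes([tag, len(body)]) + body
def snmp_msg(community, pdu_tag):  # constructed v2c message: request-id 1, no error, empty varbinds
    pdu = tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x30, b"")
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community.encode()) + tlv(pdu_tag, pdu))
MONITORING_HOSTS = {"10.0.0.5"}  # assumed address of the monitoring station
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed inside network
SAMPLE_PACKETS = [  # constructed traffic, not a real capture
    ("10.0.0.5", "10.0.1.20", 161, snmp_msg("N0t-Default", 0xA0)),  # monitor polls a device: fine
    ("10.0.1.20", "10.0.0.5", 162, snmp_msg("N0t-Default", 0xA7)),  # trap back to the monitor: fine
    ("10.0.7.33", "10.0.1.20", 161, snmp_msg("public", 0xA0)),      # default read string, wrong source
    ("203.0.113.9", "10.0.1.20", 161, snmp_msg("private", 0xA3)),   # outside-sourced set, default RW string
]
```

Running `audit(SAMPLE_PACKETS, MONITORING_HOSTS, INTERNAL_NET)` reports nothing for the first two datagrams and six findings for the last two.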