Securing SNMP

Follow

Following on from DNS Amplification DDOS attacks, more recently SNMP services have been detected as being one of the contributors to DNS amplification Attacks.

Below are some basic steps, to reduce the effectiveness of these kind of attacks, by changing the default communities which are often exploited in attacks.

On Windows machines, SNMP is run through the 'SNMP' service, if it is installed.  To change the community string:
  • Open Control Panel -> Administrative Tools -> Services
  • Find 'SNMP Service', right click it, and choose Properties
  • On the Security tab, click the 'Add' button near 'Accepted community names'
  • Enter a secure password for this
  • Make sure to remove any insecure passwords (default values such as 'public' or 'private' are commonly abused, and should be avoided)
  • Click OK
  • Restart the SNMP service


On Linux machines, SNMP is commonly run through the net-snmp library:
  • Open your snmpd.conf file (usually /etc/snmp/snmpd.conf)
  • Find the line that looks like the example below: (the line will begin with com2sec and end with a password.  In this example, the password is 'public')
com2sec notConfigUser  default       public
  • Change the 'public' at the end of the line to a more secure password
  • Restart the SNMP server with: 'service snmpd restart'
Have more questions? Submit a request

Comments

Powered by Zendesk