| Ãë¾àÁ¡ID |
29151 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
22 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CISCO |
| »ó¼¼¼³¸í |
ÇØ´ç CISCO IOS´Â SNMPÀÇ ACLÀÌ ¼³Á¤µÇ¾î ÀÖÁö ¾Ê´Ù. SNMP ACLÀ» ¼³Á¤ÇÒ °æ¿ì Á¢¼Ó ´ë»ó È£½ºÆ®¸¦ ÁöÁ¤ÇÏ¿© Á¢±ÙÀÌ °¡´ÉÇÑ IP¸¦ Á¦ÇÑÇÒ ¼ö ÀÖ´Ù. ÀÌ ±â´ÉÀ» »ç¿ëÇÏ¿© Á¤º¸ÀÇ ³ëÃâÀ» ±âº»ÀûÀ¸·Î Á¦ÇÑÇÏ´Â °ÍÀÌ ÇÊ¿äÇÏ´Ù. ÀÓÀÇÀÇ È£½ºÆ®¿¡¼ SNMP Á¢±ÙÀ» Â÷´ÜÇÏ¿© È£½ºÆ®·ÎºÎÅÍÀÇ Community String ÃßÃø°ø°ÝÀ» Â÷´ÜÇÒ ¼ö ÀÖ´Ù.
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
CISCO IOS |
| ÇØ°áÃ¥ |
´ÙÀ½°ú °°ÀÌ SNMP ACLÀ» ¼³Á¤ÇÑ´Ù.
access-list¸¦ ÀÌ¿ëÇÏ¿© ƯÁ¤ È£½ºÆ®¸¸ ¿¾î ÁÖ±â(port:161,162)
Router# config terminal
Router(config)# access-list 100 permit ip host 100.100.100.100 any
Router(config)# access-list 100 deny udp any any eq snmp
Router(config)# access-list 100 deny udp any any eq snmptrap
Router(config)# access-list 100 permit ip any any
Router(config)# interface serial 0 (ÇØ´ç ÀÎÅÍÆäÀ̽º¿¡ ¼³Á¤)
Router(config-if)# ip access-group 100 in
½Ã½ºÄÚ ½ºÀ§Ä¡ ÀåºñÀÎ °æ¿ì vlan¿¡ ¼³Á¤
Router(config)# interface vlan1
Router(config-if)# ip access-group 100 in |
| °ü·Ã URL |
(CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
