| VID |
20014 |
| Severity |
20 |
| Port |
161 |
| Protocol |
UDP |
| Class |
Snmp |
| Detailed Description |
It is possible to obtain the operating system type and version of the remote host via SNMP. An attacker may use this information to gain more knowledge about the target host. |
| Recommendation |
1. If SNMP is not required, disable the service.
- UNIX : Kill the snmp process found from the list of the processes and remove it from any RC scripts.
- Solaris 10, Solaris 11:
# svcadm disable svc:/application/management/snmpdx
- Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
# /etc/init.d/snmpd stop
# rpm -e (snmp name)
- Windows : Stop the SNMP service and change Startup type to Disabled (execute services.msc -> Services -> SNMP Service)
2. If you need SNMP for network management, make sure it is properly configured with private community names
- Unix : Configure 'get-community-name' line in /etc/snmpd.conf
- Router : Type 'show config' and make sure 'snmp-community' is properly configured
- Windows : Configure the community name with private one (In windows NT, Control panel -> Services -> SNMP Service -> 'Security' tab, In windows 2000, Administrative tools -> Services -> SNMP Service -> 'Security' tab)
3. Filter incoming traffic to the 161/udp port |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
