| VID |
20017 |
| Severity |
20 |
| Port |
161 |
| Protocol |
UDP |
| Class |
SNMP |
| Detailed Description |
It is possible to obtain the information about network routing table of the remote host via SNMP. Many Simple Network Management Protocol (SNMP) agents support the MIB-II IP routing table. This table contains the IP address, its network mask, the prototype, and the gateway of each route supported by the networked device. An attacker may use this information to gain more knowledge about the target host. |
| Recommendation |
1. If SNMP is not required, disable the service.
- UNIX : Kill the snmp process found from the list of the processes and remove it from any RC scripts.
- Solaris 10, Solaris 11:
# svcadm disable svc:/application/management/snmpdx
- Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
# /etc/init.d/snmpd stop
# rpm -e (snmp name)
- Windows : Stop the SNMP service and change Startup type to Disabled (Execute services.msc -> Services -> SNMP Service)
2. If you need SNMP for network management, make sure it is properly configured with private community names
- Unix : Configure 'get-community-name' line in /etc/snmpd.conf
- Router : Type 'show config' and make sure 'snmp-community' is properly configured
- Windows : Configure the community name with private one (IExecute services.msc -> Services -> SNMP Service -> 'Security' tab)
3. Filter incoming traffic to the 161/udp port |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
1796 (ISS) |
|
