| VID |
20019 |
| Severity |
20 |
| Port |
161 |
| Protocol |
UDP |
| Class |
SNMP |
| Detailed Description |
The SNMP agent allows remote users to access the RMON information.
The RMON MIB (Management Information Base) provides a standard method to monitor the basic operations of the network, providing interoperability between SNMP management stations and monitoring agents.
RMON has four major functions:
- Setting alarms for user-defined events
- Gathering real-time and historical Ethernet statistics
- Logging events
- Sending traps for events
Access rights to these RMON MIB must be carefully administered. |
| Recommendation |
If the manufacturer provides the access control facilities for RMON queries, follow their recommendations to properly support your site's security policy.
-- OR --
1. If SNMP is not required, disable the service.
- UNIX : Kill the snmp process found from the list of the processes and remove it from any RC scripts.
- Solaris 10, Solaris 11:
# svcadm disable svc:/application/management/snmpdx
- Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
# /etc/init.d/snmpd stop
# rpm -e (snmp name)
- Windows : Stop the SNMP service and change Startup type to Disabled (In windows execute services.msc -> Services -> SNMP Service)
2. If you need SNMP for network management, make sure it is properly configured with private community names
- Unix : Configure 'set-community-name' line in /etc/snmpd.conf
- Router : Type 'show config' and make sure 'snmp-community' is properly configured
- Windows : Configure the community name with private one (In windows execute services.msc -> Services -> SNMP Service -> 'Security' tab)
3. Filter incoming traffic to the 161/udp port |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
1797 (ISS) |
|
