begin Ben Rosenberg's quote: | No..God no. Disable that very, very quickly. It doesn't provide | connectivity at all. It's for monitoring systems and doing other | such things. :) | | Your safe if you just completely turn it off. :) i've been following the traffic on all this over on security focus, and it looks as if this is an *enormous* problem that is not going to disappear anytime soon. to quote from one post there: This is big. I strongly recommend disabling SNMP on as many devices as possible. It isn't a single vulnerability, but a suite of potentially hundreds of vulnerabilities. This is just the beginning, more will be coming. These problems aren't new; they have been known since the early 1990s. It's just that SNMP developers have always though of them as "bugs" rather than "vulnerabilities". Thousands of different devices, such as printers, are vulnerable. Somebody is going to develop an exploit that compromises the printer and forwards copies of everything printed back out to the hacker. This is only one example of the severity of the problem - there are many closed systems that cannot be updated; you can often disable SNMP, but you cannot update it and fix the bugs. You should also block UDP port 7 (echo) on your firewalls. Spoofed SNMP requests can be bounced off of such ports. Don't rely upon IP access control lists to protect you. UDP is stateless and packets can be spoofed. SNMP has always been a huge vulnerability, even when it could not be directly exploited. Your first impulse should always be to disable it. There are exploits that have been used in the underground for years that still haven't made it to bugtraq. Some older versions of Solaris (2.6?) put n SNMP service at a port in the range 32768-32800 (same vulnerability as putting a portmapper at a high port). This wasn't mentioned in the CERT advisory. If you are a heavy Sun shop, these should be blocked anyway. Monitor the "snmp" group at 1.3.6.1.2.1.11. Some of these statistics will track some of the bad stuff that this exploits generates. It's a poor-man's network IDS to detect people playing around on your network. [eoq] scary stuff. -- dep if you go with the flow you'll get chopped to pieces by the turbines.