Martinez, Mike (MHS-ACS)
2002-Feb-25 15:19 UTC
[Shorewall-users] Multiple Vulnerabilities in SNMP
Hi All,

CERT has released a bulletin concerning multiple vulnerabilities in SNMP.

CERT® Advisory CA-2002-03 Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)
http://www.cert.org/advisories/CA-2002-03.html

One of the suggestions is to do ingress filtering (firewall rules). They suggest blocking:

snmp 161/udp # Simple Network Management Protocol (SNMP)
snmp 162/udp # SNMP system management messages

but then they also suggest some other ports and also suggest blocking some RPC service related to SNMP... My question is: do the existing policies in Shorewall block SNMP by default, or do you have to set up some rules and/or modify the policies file?

Mike
Mike,

Policies are application-neutral -- if your net->all policy is DROP (the default), then ALL traffic from the net is dropped by default.

Note: The rules in the common.def and icmp.def (common and icmpdef if present) files are exceptions. The former is used primarily to silently reject certain types of traffic while the latter only deals with the icmp protocol (which is, again, application-neutral).

-Tom
--
Tom Eastep \ Shorewall -- iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
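The policy/rules interaction described in the reply above, as an added example that is not part of the original thread and not the Shorewall project's own sample configuration. It assumes the usual three-zone layout (net, loc, and the firewall zone fw) of Shorewall 1.2-era config files, and the management station address 192.0.2.10 is a placeholder:

```text
# /etc/shorewall/policy   (assumed: standard net/loc/fw zones)
# SOURCE   DEST   POLICY   LOG LEVEL
loc        net    ACCEPT
net        all    DROP     info
all        all    REJECT   info

# /etc/shorewall/rules
# Rules are matched before the policy applies, so anything not listed
# here falls through to the net->all DROP policy above. UDP 161/162
# from the net therefore need no explicit DROP entry.
# ACTION   SOURCE           DEST   PROTO   DEST PORT(S)
# Only if a management station on the Internet must poll this box:
# open SNMP from that single address (192.0.2.10 is a placeholder)
ACCEPT     net:192.0.2.10   fw     udp     161
```

After `shorewall restart`, `iptables -n -L` should show no rule accepting udp dpt:161 or dpt:162 other than the one carrying the management-station source; everything else from the net zone is caught by the DROP policy, which is why no SNMP-specific blocking rule is required.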