A good quick solution for this is to block SNMP at your border routers and
access-list the links you have to customers, and also block echo (7/udp), as
it can be used to relay SNMP attacks by spoofing the source address and
port.

This still doesn't protect you from people on the inside, but most
organizations still need to run it for monitoring.

Jay

> -----Original Message-----
> From: Bret Baptist [mailto:bbaptist at iexposure.com] 
> Sent: Wednesday, February 13, 2002 10:27 AM
> To: tclug-list at mn-linux.org
> Subject: [TCLUG] SNMP HOLE
> 
> 
> I am on the securityfocus bugtraq mailing list.  If you are also on it you
> may have noticed all the SNMP advisories coming through, for all you that are
> not on the bugtraq list, shame on you.
> 
> Anyway the main point of this whole thing is to advise people if they are
> running SNMP it might be a very good idea to disable it.  There are a slew of
> Denial of Service attacks and possible exploits that were just released.
> 
> Here is an article to start you out:
> http://www.securityfocus.com/news/328
> 
> I need to get to work on my servers, see ya.
> 
> 
> -- 
> Bret Baptist
> Systems and Technical Support Specialist
> bbaptist at iexposure.com
> Internet Exposure, Inc.
> http://www.iexposure.com
>  
> (612)676-1946 x17
> Web Development-Web Marketing-ISP Services
> ------------------------------------------
> 
> 
> if u cn rd ths, u cn gt a gd jb n cmptr prgrmmng.
> _______________________________________________
> Twin Cities Linux Users Group Mailing List - Minneapolis/St. 
> Paul, Minnesota
> http://www.mn-linux.org
> tclug-list at mn-linux.org
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
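
Why the reply above blocks echo (7/udp) as well as SNMP, shown as an added example that is not part of either message: a small first-match model of an inbound border ACL, checked against a direct SNMP packet and one relayed through an inside echo server. The addresses (documentation ranges), the rule model with default permit, and all function names are assumptions made for illustration; SNMP is taken to be on 161/udp and 162/udp.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.0.2.0/24")  # constructed: stands in for "our" network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"

@dataclass(frozen=True)
class Rule:
    action: str        # "deny" or "permit"
    proto: str
    dports: frozenset  # destination ports the rule matches

def border_verdict(acl, pkt):
    """First-match evaluation of the inbound border ACL; default is permit."""
    if ip_address(pkt.dst) not in INSIDE:
        return "permit"  # not inbound, this ACL does not apply
    for rule in acl:
        if rule.proto == pkt.proto and pkt.dport in rule.dports:
            return rule.action
    return "permit"

def echo_reply(pkt):
    """An echo server returns the same payload with the endpoints swapped."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)

def reaches_snmp_agent(acl, pkt):
    """True if the payload ends up at an inside 161/udp, directly or via echo."""
    if border_verdict(acl, pkt) == "deny":
        return False
    if pkt.dport == 161:
        return True
    if pkt.dport == 7:
        # The echoed copy travels inside-to-inside and never crosses the border.
        reply = echo_reply(pkt)
        return reply.dport == 161 and ip_address(reply.dst) in INSIDE
    return False

SNMP_ONLY = [Rule("deny", "udp", frozenset({161, 162}))]
SNMP_AND_ECHO = [Rule("deny", "udp", frozenset({7, 161, 162}))]

# Constructed packets: one sent straight at an agent, one with a spoofed
# inside source address and source port 161, addressed to an echo server.
DIRECT = Packet("203.0.113.9", 40000, "192.0.2.10", 161)
RELAYED = Packet("192.0.2.10", 161, "192.0.2.20", 7)
```

With `SNMP_ONLY` the direct packet is dropped but the relayed one still reaches the agent; `SNMP_AND_ECHO` stops both at the border.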