| Linode Forum https://forum.linode.com/ |
|
| SNMP port scan https://forum.linode.com/viewtopic.php?f=19&t=10910 |
| Author: | jebblue [ Tue Mar 18, 2014 9:55 am ] |
| Post subject: | SNMP port scan |
Snort caught 184.105.139.67 doing SNMP scans of some kind against my Linodes. Not sure if it's related to some recent SNMP vulnerability; just FYI, make sure port 161 isn't available to the public unless you have a good reason for it. |
|
| Author: | masonm [ Tue Mar 18, 2014 3:44 pm ] |
| Post subject: | Re: SNMP port scan |
I find it's easier and more secure to whitelist the ports you need than to blacklist the ones you don't. It's definitely simpler to configure iptables that way. Here's the output of iptables-save on one of our web servers:
Code:
# Generated by iptables-save v1.4.7 on Tue Mar 18 15:42:25 2014 |
|
| Author: | jebblue [ Tue Mar 18, 2014 5:01 pm ] |
| Post subject: | Re: SNMP port scan |
I didn't (and don't) have my SNMP port open; did you read my comment that way? I was recommending to others that they might want to not have it open. And yeah, I would hope most people start with all closed, then open what they need. |
|
| Author: | dwfreed [ Tue Mar 18, 2014 5:55 pm ] |
| Post subject: | Re: SNMP port scan |
It looks like that IP address is used by the Shadowserver Foundation, from whois info. From their site, it looks like they're scanning for people running open SNMP daemons to help ISPs combat DoS attacks at the source. That said, you shouldn't have a public-facing SNMP daemon anyway. |
|
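Added example, not part of any post above and not any poster's configuration: a check that reads iptables-save output and reports the two things the thread recommends against, an INPUT chain with no default deny and an ACCEPT rule that opens UDP 161 to any source. The function names, finding labels, sample rulesets and the 192.0.2.10 address are constructed for illustration; the check only looks at explicit --dport/--dports matches on the filter table's INPUT chain.

```shell
# Added example (not from the thread): audit iptables-save output read on stdin.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_ruleset() {
    awk '
    function covers(spec, port,   n, parts, i, r) {   # "161", "22,161", "160:162"
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, ":") < 2) r[2] = r[1]  # single port
            if (r[1] + 0 <= port && port <= r[2] + 0) return 1
        }
        return 0
    }
    /^[*]/ { table = substr($1, 2) }                  # "*filter" opens a table
    table != "filter" { next }
    $1 == ":INPUT" { policy = $2 }                    # e.g. ":INPUT DROP [0:0]"
    $1 != "-A" || $2 != "INPUT" || catchall { next }  # nothing matches after a catch-all
    $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { catchall = 1; next }
    {
        proto = ""; ports = ""; target = ""; scoped = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-s") scoped = 1                # limited to a source address
            if ($i == "-j") target = $(i + 1)
            if ($i ~ /^--dports?$/ && $(i - 1) != "!") ports = $(i + 1)
        }
        if (target == "ACCEPT" && proto == "udp" && !scoped && covers(ports, 161)) { print "SNMP_PUBLIC: " $0; bad = 1 }
    }
    END {
        if (policy != "DROP" && !catchall) { print "NO_DEFAULT_DENY: INPUT policy " policy; bad = 1 }
        exit bad + 0
    }'
}
# Constructed rulesets in iptables-save format (not the output from the thread).
sample_whitelist() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,80,443 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 161 -j ACCEPT
COMMIT
EOF
}
sample_exposed() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
COMMIT
EOF
}
sample_exposed | audit_ruleset || true   # prints both findings
```

On a live host the same function can be fed with `iptables-save | audit_ruleset`, run as root.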
| All times are UTC-04:00 |
|