From: <A.L...@lb...> - 2006-03-08 09:02:25
Hi,

> The best solution to this problem is to disable CDP on all user switch
> ports. Any other ideas?

That is one 'fix'. Another is to use encrypted/authenticated SNMP (e.g. V3) so that the attacker cannot sniff the passwords.

However, some trivial changes can also protect.

1) Make sure switches are on a management VLAN with a known series of IP addresses - then make sure netdisco only looks for those addresses.

2) ACL your switch VLAN properly - then what does it matter if the attacker has your SNMP 'read' community string - surely you don't have the same 'write' string (which shouldn't be used anyway!). They cannot get a link to your switch/router management then anyway.

alan
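
Point 1 of the message above, sketched as an added example that is not part of the original post and is not netdisco's own code: a gate that only lets discovery query CDP-advertised neighbor addresses that fall inside the management VLAN ranges. The subnets, device names and the function names `check_target` and `filter_neighbors` are assumptions made for illustration.

```python
import ipaddress

# Assumption: the management VLAN uses these ranges (constructed values).
MGMT_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/24", "10.10.1.0/25")]

# Constructed sample: (device id, address) pairs as learned from CDP neighbor data.
SAMPLE_NEIGHBORS = [
    ("sw-core-1", "10.10.0.2"),
    ("sw-edge-7", "10.10.1.40"),
    ("sw-edge-9", "10.10.1.200"),    # same /24 on paper, but outside the /25
    ("user-port", "192.168.50.23"),  # address on a user VLAN
    ("bogus", "10.10.0.300"),        # malformed address field
    ("bcast", "10.10.0.255"),        # broadcast address of the management net
]

def check_target(addr, nets=MGMT_NETS):
    """Return (allowed, reason) for one CDP-advertised address."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False, "unparseable address"
    for net in nets:
        if ip.version == net.version and ip in net:
            # Network and broadcast addresses are never a real switch.
            if ip in (net.network_address, net.broadcast_address):
                return False, "network/broadcast address"
            return True, f"inside {net}"
    return False, "outside management ranges"

def filter_neighbors(neighbors, nets=MGMT_NETS):
    """Split neighbors into those safe to send SNMP to and those to skip."""
    allowed, rejected = [], []
    for name, addr in neighbors:
        ok, reason = check_target(addr, nets)
        (allowed if ok else rejected).append((name, addr, reason))
    return allowed, rejected

if __name__ == "__main__":
    allowed, rejected = filter_neighbors(SAMPLE_NEIGHBORS)
    for name, addr, reason in allowed:
        print(f"QUERY {name:10} {addr:15} {reason}")
    for name, addr, reason in rejected:
        # Rejected entries are worth logging: a neighbor advertising an
        # address outside the management ranges on a user port is a signal.
        print(f"SKIP  {name:10} {addr:15} {reason}")
```
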