10 Oct
2015
10 Oct
'15
3:06 p.m.
Subject:
[44net] PTD
From:
Brian <n1uro(a)n1uro.ampr.org>
Date:
10/10/2015 04:13 AM
To:
44net(a)hamradio.ucsd.edu
Is anyone on PTD.net that's running SNMP?
Please MAKE SURE that you block all incoming SNMP traffic from internet to amprnet!
(especially when you are using community names like "public")
The bad guys use SNMP as an attack amplifier.
One time I moved a switch to another address and it became exposed, and within 3 days I
had an abuse report.
Now I have a general rule that drops all SNMP at our gateway.
(of course the real problem is the ISPs that refuse to implement BCP38, source address
filtering)
Rob