Vulnerability Development mailing list archives

Re: (U) Exploiting Poor SNMP Security


From: Paul Cardon <paul () MOQUIJO COM>
Date: Mon, 18 Dec 2000 13:20:34 -0500

Dan Kaminsky wrote:


[SNIP]

On the flipside, a default ruleset of:

    block in from any to any
    block out from any to any
    pass in proto tcp from any to any port 80
    pass out proto tcp from any port 80 to any

...will actually automatically ban SNMP, FTP, even ICMP...only HTTP
traffic incoming and outgoing will get through.

Just a quick syntax correction to fill in the missing '=' on the port
comparison:

        pass in proto tcp from any to any port = 80
        pass out proto tcp from any port = 80 to any

which can also be rendered in one line as:

        pass in proto tcp from any to any port = 80 keep state

-paul
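An added example, not part of Paul's or Dan's messages: a small Python simulator of the ruleset above under IPFilter's last-matching-rule semantics, showing HTTP passing, SNMP and ICMP dropped, and how "keep state" admits the HTTP reply without a separate "pass out" rule. The simulator's names and the packet addresses are constructed for the illustration, and only the syntax subset used in the thread is parsed.

```python
from collections import namedtuple
# Ruleset from the thread, in its one-line "keep state" form
RULESET = """
block in from any to any
block out from any to any
pass in proto tcp from any to any port = 80 keep state
"""
Packet = namedtuple("Packet", "direction proto src sport dst dport")

def parse_rule(line):
    """Parse the subset of ipf syntax used in the thread into a dict."""
    t = line.split()
    r = {"action": t[0], "dir": t[1], "proto": None, "sport": None,
         "dport": None, "state": "keep" in t}
    if "proto" in t:
        r["proto"] = t[t.index("proto") + 1]
    i_from, i_to = t.index("from"), t.index("to")
    for i, tok in enumerate(t):          # "port = N" after "from" is a source
        if tok == "port":                 # port, after "to" a destination port
            r["sport" if i_from < i < i_to else "dport"] = int(t[i + 2])
    return r

def matches(r, p):
    return (r["dir"] == p.direction and r["proto"] in (None, p.proto)
            and r["sport"] in (None, p.sport) and r["dport"] in (None, p.dport))

class Firewall:
    def __init__(self, ruleset):
        self.rules = [parse_rule(l) for l in ruleset.splitlines() if l.strip()]
        self.state = set()   # 5-tuples of connections whose replies may return

    def filter(self, p):
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.state:
            return "pass"    # reply to a connection admitted by "keep state"
        winner = {"action": "block", "state": False}   # ipf default: deny
        for r in self.rules:                           # last match wins
            if matches(r, p):
                winner = r
        if winner["action"] == "pass" and winner["state"]:
            self.state.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return winner["action"]

def demo():
    """Verdicts for constructed packets; 192.0.2.x/198.51.100.x are test nets."""
    fw, c, s = Firewall(RULESET), "192.0.2.10", "198.51.100.5"
    return {"http_in": fw.filter(Packet("in", "tcp", c, 40000, s, 80)),
            "http_reply": fw.filter(Packet("out", "tcp", s, 80, c, 40000)),
            "snmp_in": fw.filter(Packet("in", "udp", c, 40001, s, 161)),
            "icmp_in": fw.filter(Packet("in", "icmp", c, 0, s, 0))}
```

Dropping " keep state" from the pass rule makes the HTTP reply hit "block out" instead, which is why Dan's version needed the second "pass out" line.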

