Vulnerability Development mailing list archives
Re: (U) Exploiting Poor SNMP Security
From: Paul Cardon <paul () MOQUIJO COM>
Date: Mon, 18 Dec 2000 13:20:34 -0500
Dan Kaminsky wrote:
[SNIP]
On the flipside, a default ruleset of:

  block in from any to any
  block out from any to any
  pass in proto tcp from any to any port 80
  pass out proto tcp from any port 80 to any

...will actually automatically ban SNMP, FTP, even ICMP...only HTTP traffic incoming and outgoing will get through.
Just a quick syntax correction to fill in the missing '=' on the port comparison:

  pass in proto tcp from any to any port = 80
  pass out proto tcp from any port = 80 to any

which can also be rendered in one line as:

  pass in proto tcp from any to any port = 80 keep state

-paul
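The following is an added example, not part of the original thread or of IPFilter itself: a simplified Python model of how the one-line `keep state` form of the ruleset above treats SNMP, FTP, ICMP and HTTP packets. The names `Filter`, `check` and `RULESET`, the last-match evaluation model and the client port 40000 are assumptions made for illustration.

```python
import re

# Constructed model: every rule is checked in order and the LAST matching
# rule decides (no "quick" rules are used in this ruleset).
RULE = re.compile(
    r"(?P<action>block|pass) (?P<dir>in|out)(?: proto (?P<proto>\w+))? "
    r"from any(?: port = (?P<sport>\d+))? to any(?: port = (?P<dport>\d+))?"
    r"(?P<state> keep state)?$"
)

RULESET = """\
block in from any to any
block out from any to any
pass in proto tcp from any to any port = 80 keep state
"""

def parse(text):
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed rule: {line!r}")
        rules.append(m.groupdict())
    return rules

class Filter:
    def __init__(self, text):
        self.rules = parse(text)
        self.states = set()  # (proto, client_port, server_port) flows

    def check(self, direction, proto, sport, dport):
        # A reply on an established flow (ports reversed) bypasses the rules.
        if (proto, dport, sport) in self.states:
            return "pass"
        verdict, hit = "pass", None  # model assumption: pass if nothing matches
        for r in self.rules:
            if r["dir"] != direction:
                continue
            if r["proto"] and r["proto"] != proto:
                continue
            if r["sport"] and int(r["sport"]) != sport:
                continue
            if r["dport"] and int(r["dport"]) != dport:
                continue
            verdict, hit = r["action"], r
        if verdict == "pass" and hit and hit["state"]:
            self.states.add((proto, sport, dport))
        return verdict
```

In this model the outbound reply from port 80 is blocked until an inbound connection to port 80 has created state, which is why the one-line form needs no separate `pass out` rule.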