We recently enabled SNMP on our PIX 515 firewall to allow monitoring of the bandwidth by a network monitoring package. All was running fine for 4 weeks until last night. Our PIX was unresponsive to even a console session. This happened serveral times throught the night almost like a DOS attack was occurring.
We called Cisco this morning and they said that there is a hidden password that gets activated when SNMP is enabled that hackers try to expose. I have found no reference to this anywhere. Can anyone confirm this to be true?
Is anyone else out there using SNMP to monitor their PIX box? I know about the prior SNMP vunerability, but that affects 6.1(1) and below...we're running 6.3(5). We were not using access lists to control the SNMP traffic so could this be the cause of the attack? Ever since we have disabled SNMP on the PIX, we no longer have an issue. Any help or advice would be greatly appreciated. Thanks!