We recently enabled SNMP on our PIX 515 firewall to allow monitoring of the bandwidth by a network monitoring package. All was running fine for 4 weeks until last night. Our PIX was unresponsive to even a console session. This happened several times throughout the night, almost like a DoS attack was occurring.
We called Cisco this morning and they said that there is a hidden password that gets activated when SNMP is enabled that hackers try to expose. I have found no reference to this anywhere. Can anyone confirm this to be true?
Is anyone else out there using SNMP to monitor their PIX box? I know about the prior SNMP vulnerability, but that affects 6.1(1) and below... we're running 6.3(5). We were not using access lists to control the SNMP traffic, so could this be the cause of the attack? Ever since we disabled SNMP on the PIX, we no longer have an issue. Any help or advice would be greatly appreciated. Thanks!
Are you using any access list restrictions as well? Cisco is now saying it's a hardware issue and they're sending out a replacement PIX, but I still think we're getting DoS attacks either on our Edge Router (1721) or from some other external-facing server. I'm just trying to gather some evidence that the SNMP on the PIX was not the issue we are seeing now.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...