Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX 515 and SNMP

We recently enabled SNMP on our PIX 515 firewall to allow monitoring of the bandwidth by a network monitoring package. All was running fine for 4 weeks until last night. Our PIX was unresponsive to even a console session. This happened serveral times throught the night almost like a DOS attack was occurring.

We called Cisco this morning and they said that there is a hidden password that gets activated when SNMP is enabled that hackers try to expose. I have found no reference to this anywhere. Can anyone confirm this to be true?

Is anyone else out there using SNMP to monitor their PIX box? I know about the prior SNMP vunerability, but that affects 6.1(1) and below...we're running 6.3(5). We were not using access lists to control the SNMP traffic so could this be the cause of the attack? Ever since we have disabled SNMP on the PIX, we no longer have an issue. Any help or advice would be greatly appreciated. Thanks!

3 REPLIES

Re: PIX 515 and SNMP

I've been running SNMP on our PIX's for a couple of years w/no problems. I do use restrictions though.

'snmp-server host inside 10.1.2.3 poll'

I have never heard of a hidden password. Did they tell you what the password is?

Community Member

Re: PIX 515 and SNMP

Are you using any access list restrictions as well? Cisco is now saying it's a hardware issue and they're sending out a replacement PIX, but I still think we're getting DOS attacks either on our Edge Router (1721) or from some other external facing server. I'm just trying to gather some evidence that the SNMP on the PIX was not the issue were are seeing now.

Re: PIX 515 and SNMP

Yes I am using ACL's. You could turn on NBAR on the 1721 and see if it's SNMP. A sniffer might be even better.

109
Views
0
Helpful
3
Replies
CreatePlease to create content