[BlueOnyx:15420] Open SNMP DDOS attack vector
Chris Gebhardt - VIRTBIZ Internet
cobaltfacts at virtbiz.com
Tue May 20 12:09:08 -05 2014

Over the past couple of weeks, we've seen an uptick in reports of DDOS
attempts using open SNMP servers. A handful of those have been
BlueOnyx servers with SNMP enabled.

In case you're unfamiliar, the current rash of SNMP-based attacks isn't
exactly new, and it's nearly identical to what we saw not very long ago
with the DNS amplification exploits. I'm not quite sure why we seem to
be catching more of it now.

My suggestion is this: unless you are actively using SNMP to communicate
with your BlueOnyx server, leave SNMP service disabled from the GUI.
There's no need to run it if you're not using it, and it's only another
door for bad guys.

If you do use SNMP, I encourage you to use a nice, cryptic string as
your public string. For instance "PUBLIC" or "SNMP" would be examples
of what not to use. I would encourage you to treat your SNMP string as
a password and make it nice and strong.

If you want some further reading on SNMP attacks, this is pretty easy to
read:
https://bechtsoudis.com/hacking/snmp-reflected-denial-of-service/

--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
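
An added example, not part of the original message: a small audit of an snmpd.conf for the two points raised above, guessable community strings and access left open to any source. It assumes the server is configured through Net-SNMP's `rocommunity`/`rwcommunity`/`com2sec` directives; the weak-word list, the length and character-class thresholds and the sample config are constructed for illustration.

```python
import re

# Constructed word list and thresholds (assumptions); tune both to local policy.
WEAK_WORDS = {"public", "private", "snmp", "community", "admin", "default"}
ANY_SOURCE = {"default", "0.0.0.0", "0.0.0.0/0", "::/0"}  # "any host" sources
COMMUNITY_DIRECTIVES = ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6")

def is_weak(community):
    """Judge the community string the way a password would be judged."""
    kinds = sum(bool(re.search(p, community))
                for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    return community.lower() in WEAK_WORDS or len(community) < 12 or kinds < 3

def audit_snmpd_conf(text):
    """Return (line_number, community, problems) for each risky access line."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        directive, args = fields[0].lower(), fields[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            community = args[0]
            source = args[1] if len(args) > 1 else "default"  # no source = any host
        elif directive == "com2sec":
            if args[:1] == ["-Cn"]:  # skip the optional "-Cn CONTEXT" pair
                args = args[2:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]  # SECNAME SOURCE COMMUNITY
        else:
            continue
        problems = []
        if is_weak(community):
            problems.append("weak community string")
        if source.lower() in ANY_SOURCE:
            problems.append("reachable from any source")
        if problems:
            findings.append((num, community, problems))
    return findings

SAMPLE = """\
# constructed sample, not from a real server
rocommunity public
rocommunity Xk7#pQ2vLm9!tRz 192.0.2.10
rwcommunity private 10.0.0.0/8
com2sec notConfigUser default SNMP
"""
print(*audit_snmpd_conf(SAMPLE), sep="\n")
```
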