Hi,
so, more on this...
- on ASR9k, SNMPv3 is subject to regular control plane ACLs, so
unless a SNMPv3 sender shows up in
control-plane
 management-plane
  inband
   interface all
    allow all peer
     address ipv4 1.2.3.4/32
    !
    allow SNMP peer
Hi,
On Wed, Sep 21, 2022 at 08:14:30AM +0300, Hank Nussbacher wrote:
> Indeed the SNMP leaks appear to be exactly CSCtw74132 which we did not
> know about nor did Cisco TAC :-(
The more I dive into this, the more I want to return to my bed and
pull the blanket over my head...
So, the Cisco bug
On 20/09/2022 15:54, Simon Leinen wrote:
Gert Doering via cisco-nsp writes:
Hi,
On Mon, Sep 19, 2022 at 03:47:09PM +0300, Hank Nussbacher via cisco-nsp wrote:
On 19/09/2022 15:40, Gert Doering wrote:
https://www.cisco.com/c/dam/en/us/support/docs/csa/cisco-sa-20010227-ios-snmp-ilmi.html
[..
Gert Doering via cisco-nsp writes:
> Hi,
> On Mon, Sep 19, 2022 at 03:47:09PM +0300, Hank Nussbacher via cisco-nsp wrote:
>> On 19/09/2022 15:40, Gert Doering wrote:
> https://www.cisco.com/c/dam/en/us/support/docs/csa/cisco-sa-20010227-ios-snmp-ilmi.html
> [..]
>> > That said, I tried to reproduc
Hi,
On Mon, Sep 19, 2022 at 03:47:09PM +0300, Hank Nussbacher via cisco-nsp wrote:
> On 19/09/2022 15:40, Gert Doering wrote:
> > On Mon, Sep 19, 2022 at 02:29:06PM +0300, Hank Nussbacher via cisco-nsp
> > wrote:
> >> Recently Shodan has been showing how it probes all our IOS-XE routers
> >> via
On 19/09/2022 15:40, Gert Doering wrote:
Hi,
On Mon, Sep 19, 2022 at 02:29:06PM +0300, Hank Nussbacher via cisco-nsp wrote:
Recently Shodan has been showing how it probes all our IOS-XE routers
via SNMP even though we have an ACL on all our SNMP. We then found that
there is a bugid on the issu
Hi,
On Mon, Sep 19, 2022 at 02:29:06PM +0300, Hank Nussbacher via cisco-nsp wrote:
> Recently Shodan has been showing how it probes all our IOS-XE routers
> via SNMP even though we have an ACL on all our SNMP. We then found that
> there is a bugid on the issue (ILMI can't be blocked by ACL):
>
Recently Shodan has been showing how it probes all our IOS-XE routers
via SNMP even though we have an ACL on all our SNMP. We then found that
there is a bugid on the issue (ILMI can't be blocked by ACL):
CSCvs33325
As well as an internal TAC bugid:
CSCdp11863
Basically, none of the commands of