[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Restricting SNMP
 Date:  Fri, 10 Sep 2004 17:18:52 -0400 
> 
> Are you sure its not TCP ? Those were TCP ports i checked for earlier i belive
> anyway... have you tried allow rule then a seperate deny rule ? TCP/UDP ?
> 

TCP scan:

su-2.05b# nmap -sS -p 161-162 192.168.1.1

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-09-10 18:09 EDT
Interesting ports on 192.168.1.1:
PORT    STATE  SERVICE
161/tcp closed snmp
162/tcp closed snmptrap


UDP scan:

su-2.05b# nmap -sU -p 161-162 192.168.1.1

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-09-10 18:08 EDT
Interesting ports on 192.168.1.1:
PORT    STATE         SERVICE
161/udp open|filtered snmp
162/udp closed        snmptrap


Scans from my monitoring host are identical to another host on my LAN,
and only the monitoring host should be allowed by the rule I put in. 
I haven't spent much time looking at it, but will later.

-Chris