Welcome, Guest. Please login or register.

Author Topic: Security reminder: Be sure to configure "netfilter"!  (Read 4314 times)

tristanbob

  • Full Member
  • ***
  • Posts: 142
    • View Profile
Security reminder: Be sure to configure "netfilter"!
« on: July 09, 2013, 08:34:57 PM »
When Nedi discovers a CDP or LLDP neighbor, it will begin sending all your read-only SNMP strings to it.  If this device is a hacker on your network running CDPd, then the hacker can easily learn these SNMP communities.

Additionally, if the hacker can convince Nedi they are a valid device, then Nedi will also try to backup the device using SSH or Telnet.  This will enable a hacker to get full access to the usernames and passwords to all your devices.

The best protection for this attack is to configure your netfilter (found inside nedi.conf) to strictly match only your devices and never an IP that a user can be assigned.

# Only discover devices where ip address matches this regular expression.
# This way NeDi will not send any login credentials to rogue/evil devices.
netfilter       172.16|172.31

Cheers and be safe!

Tristan
Please visit "Other"->"Invoices" on your NeDi installation to make an annual contribution and support Nedi!