[nsp-sec] DNS and SNMP Reflection Attack Hosts
Joel L. Rosenblatt
joel at columbia.edu
Mon Jun 24 13:14:27 EDT 2013
I can't really do that .. University with open network
I'll have to think about this one
Thanks,
Joel
Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
On Mon, Jun 24, 2013 at 12:44 PM, Tom Paseka <tom at cloudflare.com> wrote:
> Joel,
>
> On Mon, Jun 24, 2013 at 9:39 AM, Joel L. Rosenblatt <joel at columbia.edu>
> wrote:
>>
>> ----------- nsp-security Confidential --------
>>
>>
>> Now, my question is - are these machines compromised or are they just
>> acting as designed
>>
>
> With SNMP reflection - they're acting as designed. Someone is spoofing an IP
> address - then doing a SNMP get against the printers.
>
> You should lock down SNMP access to them.
>
> Cheers,
> Tom
More information about the nsp-security
mailing list