TrustSec - SNMP Block but still showing in the ports scan
06-08-2021 09:02 AM
Hi All
I have TrustSec between two SGTs to deny SNMP 161 and 162. I see the SGACL hits and it's denied, but the SNMP port is still showing in the port scan.
Is this normal? It's just the ports showing in the scans ONLY. I can't get any SNMP query through. I tried a brute-force attack on the port and didn't get anywhere.
sh logging | in 10.XX.
Jun 8 10:46:08.634 CDT: %SEC-6-IPACCESSLOGP: list Deny_SNMP_Dst-01 denied udp 10.X.X.X(52586) -> 10.X.X.X(161), 1 packet
Jun 8 10:46:08.634 CDT: %RBM-6-SGACLHIT: ingress_interface='GigabitEthernet1/0/24' sgacl_name='Deny_SNMP_Dst-01' action='Deny' protocol='udp' src-vrf='def
show cts role-based permissions from 10002 to 10200
IPv4 Role-based permissions from group 10002:Network_Devices to group 10200:PLCs:
SNMP_Allow_Log-02
Permit IP-00
RBACL Monitor All for Dynamic Policies : FALSE
RBACL Monitor All for Configured Policies : FALSE
show cts role-based permissions from 0 to 10200
IPv4 Role-based permissions from group Unknown to group 10200:PLCs:
Deny_SNMP_Dst-01
Deny_SNMP_Src-01
Permit IP-00
RBACL Monitor All for Dynamic Policies : FALSE
RBACL Monitor All for Configured Policies : FALSE
show ip access-lists Deny_SNMP_Dst-01
Role-based IP access list Deny_SNMP_Dst-01 (downloaded)
10 deny udp dst eq snmp log (2170 matches)
20 deny udp dst eq snmptrap log (110 matches)
show ip access-lists Deny_SNMP_Src-01
Role-based IP access list Deny_SNMP_Src-01 (downloaded)
10 deny udp src eq snmp log (472 matches)
20 deny udp src eq snmptrap log
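The post shows two pieces of evidence that the deny is enforced: %SEC-6-IPACCESSLOGP / %RBM-6-SGACLHIT syslog lines and the per-entry match counters in `show ip access-lists`. The script below is an added example (not from the original post or from Cisco) that parses both into counters so a defender can confirm, per source and destination port, that SNMP traffic is actually being dropped rather than trusting what a scanner reports. The syslog sample lines are constructed from the format shown in the post with made-up 10.x addresses; the ACL listing is the one shown in the post, with its indentation restored.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog, modelled on the lines in the post.
# Addresses are invented (the post masked its own as 10.X.X.X).
SAMPLE_SYSLOG = """\
Jun 8 10:46:08.634 CDT: %SEC-6-IPACCESSLOGP: list Deny_SNMP_Dst-01 denied udp 10.1.1.10(52586) -> 10.2.2.20(161), 1 packet
Jun 8 10:46:09.101 CDT: %SEC-6-IPACCESSLOGP: list Deny_SNMP_Dst-01 denied udp 10.1.1.10(52587) -> 10.2.2.20(162), 1 packet
Jun 8 10:46:10.220 CDT: %SEC-6-IPACCESSLOGP: list Deny_SNMP_Src-01 denied udp 10.2.2.20(161) -> 10.1.1.10(52586), 1 packet
Jun 8 10:46:11.000 CDT: %SEC-6-IPACCESSLOGP: list Deny_SNMP_Dst-01 denied udp 10.1.1.11(40000) -> 10.2.2.20(161), 3 packets
Jun 8 10:46:11.000 CDT: %RBM-6-SGACLHIT: ingress_interface='GigabitEthernet1/0/24' sgacl_name='Deny_SNMP_Dst-01' action='Deny' protocol='udp' src-vrf='default'
Jun 8 10:46:12.000 CDT: %SYS-5-CONFIG_I: Configured from console by admin
"""

# ACL listing as shown in the post (second entry of the Src ACL has no counter).
SAMPLE_ACL_SHOW = """\
Role-based IP access list Deny_SNMP_Dst-01 (downloaded)
    10 deny udp dst eq snmp log (2170 matches)
    20 deny udp dst eq snmptrap log (110 matches)
Role-based IP access list Deny_SNMP_Src-01 (downloaded)
    10 deny udp src eq snmp log (472 matches)
    20 deny udp src eq snmptrap log
"""

# %SEC-6-IPACCESSLOGP: list <acl> denied <proto> <src>(<sport>) -> <dst>(<dport>), <n> packet(s)
IPACCESSLOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)
# %RBM-6-SGACLHIT: ... sgacl_name='<name>' action='<Deny|Permit>' ...
SGACLHIT_RE = re.compile(r"%RBM-6-SGACLHIT: .*?sgacl_name='(?P<name>[^']+)'.*?action='(?P<action>[^']+)'")
# show ip access-lists output
ACL_HEADER_RE = re.compile(r"^Role-based IP access list (?P<acl>\S+)")
ACL_ENTRY_RE = re.compile(r"^(?P<seq>\d+) (?P<action>permit|deny) (?P<proto>\S+) (?P<rest>.*?)(?: \((?P<matches>\d+) matches\))?$")

SNMP_PORTS = {161, 162}


def parse_ipaccesslog_denies(text):
    """Sum denied packets per (acl, dst, dport) from IPACCESSLOGP lines."""
    denies = Counter()
    for line in text.splitlines():
        m = IPACCESSLOG_RE.search(line)
        if m and m["action"] == "denied":
            denies[(m["acl"], m["dst"], int(m["dport"]))] += int(m["count"])
    return denies


def parse_sgacl_hits(text):
    """Count SGACLHIT lines per (sgacl_name, action)."""
    hits = Counter()
    for line in text.splitlines():
        m = SGACLHIT_RE.search(line)
        if m:
            hits[(m["name"], m["action"])] += 1
    return hits


def parse_rbacl_counters(text):
    """Map acl -> {seq: match count}; entries without a counter are 0."""
    counters = defaultdict(dict)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        h = ACL_HEADER_RE.match(line)
        if h:
            current = h["acl"]
            continue
        e = ACL_ENTRY_RE.match(line)
        if e and current:
            counters[current][int(e["seq"])] = int(e["matches"] or 0)
    return dict(counters)


def sources_denied_to_snmp(text):
    """Sorted list of sources whose packets to UDP 161/162 were logged as denied."""
    srcs = set()
    for line in text.splitlines():
        m = IPACCESSLOG_RE.search(line)
        if m and m["action"] == "denied" and int(m["dport"]) in SNMP_PORTS:
            srcs.add(m["src"])
    return sorted(srcs)


if __name__ == "__main__":
    for key, n in sorted(parse_ipaccesslog_denies(SAMPLE_SYSLOG).items()):
        print(f"{key[0]}: {n} packet(s) to {key[1]}:{key[2]} denied")
    print("SGACL hits:", dict(parse_sgacl_hits(SAMPLE_SYSLOG)))
    print("ACL counters:", parse_rbacl_counters(SAMPLE_ACL_SHOW))
    print("Sources denied to SNMP:", sources_denied_to_snmp(SAMPLE_SYSLOG))
```

Running `parse_rbacl_counters` against two snapshots of `show ip access-lists` taken before and after a scan, and comparing the per-sequence counters, tells you whether the scanner's probes were the packets being denied; a rising `deny ... eq snmp` counter with no SNMP response reaching the scanner is consistent with the behaviour the post describes.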