Aussie businesses targeted in spate of router attacks

By on
Aussie businesses targeted in spate of router attacks

Disable SNMP read/write and Cisco smart install.

Attackers are targeting Australian organisations with routers and switches exposed to the internet to steal configuration files and infiltrate their networks, the Australian Cyber Security Centre has warned.

The ACSC said it had identified a threat to switches with the Cisco smart install feature turned on, and routers or switches with simple network management protocol (SNMP) enabled and exposed to the internet.

It said attackers were extracting configuration files in order to nab admin credentials and compromise the router or switch, and potentially other devices on the network.

"Access to the device may facilitate malicious cyber adversaries gaining access to the information that flows through the device," the ACSC warned.

Cisco in February revealed attackers were targeting organisations with smart install enabled in order to abuse the protocol, obtain copies of customer configurations, and hopefully replace an IOS image and execute IOS commands.

Smart install is used by admins to give a switch a minimal configuration that is fetched from a central repository, but organisations can become vulnerable when the feature remains turned on after the device is live.

Smart install has been replaced in newer systems by Cisco's network plug and play feature.

The ACSC advised administrators to check their logs for any unusual activity like configurations or command output obtained by external sources via TFTP, SNMP queries from unexpected sources, and configuration of unexpected GRE tunnels.

It suggested organisations disable SNMP read/write unless it is absolutely needed, in which case admins should either ensure SNMP cannot be connected to untrusted sources, or upgrade the service to SNMPv3 and change all community strings.

Access control lists should also be put in place to restrict SNMP access to the network management platform, and anti-spoofing should be configured at the network edge to drop spoofed packets.

Cisco's smart install feature should also be disabled unless it is strictly required, the ACSC said.

It urged any organisations affected by these attacks to report the incident.

Copyright © iTnews.com.au . All rights reserved.
Tags:
cisco router security snmp
In Partnership With

Most Read Articles

NBN Co leaves fresh batch of FTTC converts until last

NBN Co leaves fresh batch of FTTC converts until last
NBN Co has 'under 500' congested fixed wireless cells

NBN Co has 'under 500' congested fixed wireless cells
Aussie firms targeted by Russian state hackers

Aussie firms targeted by Russian state hackers
IBM Australia cuts analytics and support staff

IBM Australia cuts analytics and support staff
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies
The Cost of Cloud Expertise report
The Cost of Cloud Expertise report
The business case for hyperconvergence
The business case for hyperconvergence
What Every CIO Should Know about DevOps & Container Guides by Puppet
What Every CIO Should Know about DevOps & Container Guides by Puppet
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators

Events

Log In

Username / Email:
Password:
  |  Forgot your password?