Aussie businesses targeted in spate of router attacks

By on
Aussie businesses targeted in spate of router attacks

Disable SNMP read/write and Cisco smart install.

Attackers are targeting Australian organisations with routers and switches exposed to the internet to steal configuration files and infiltrate their networks, the Australian Cyber Security Centre has warned.

The ACSC said it had identified a threat to switches with the Cisco smart install feature turned on, and routers or switches with simple network management protocol (SNMP) enabled and exposed to the internet.

It said attackers were extracting configuration files in order to nab admin credentials and compromise the router or switch, and potentially other devices on the network.

"Access to the device may facilitate malicious cyber adversaries gaining access to the information that flows through the device," the ACSC warned.

Cisco in February revealed attackers were targeting organisations with smart install enabled in order to abuse the protocol, obtain copies of customer configurations, and hopefully replace an IOS image and execute IOS commands.

Smart install is used by admins to give a switch a minimal configuration that is fetched from a central repository, but organisations can become vulnerable when the feature remains turned on after the device is live.

Smart install has been replaced in newer systems by Cisco's network plug and play feature.

The ACSC advised administrators to check their logs for any unusual activity like configurations or command output obtained by external sources via TFTP, SNMP queries from unexpected sources, and configuration of unexpected GRE tunnels.

It suggested organisations disable SNMP read/write unless it is absolutely needed, in which case admins should either ensure SNMP cannot be connected to untrusted sources, or upgrade the service to SNMPv3 and change all community strings.

Access control lists should also be put in place to restrict SNMP access to the network management platform, and anti-spoofing should be configured at the network edge to drop spoofed packets.

Cisco's smart install feature should also be disabled unless it is strictly required, the ACSC said.

It urged any organisations affected by these attacks to report the incident.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cisco router security snmp
In Partnership With

Most Read Articles

NBN Co sees 250Mbps take-up rise after price cut

NBN Co sees 250Mbps take-up rise after price cut
ANZ and CBA push for consolidation of EFTPOS, BPAY and NPP

ANZ and CBA push for consolidation of EFTPOS, BPAY and NPP
Aussie Broadband lets customers 'kick' own connection

Aussie Broadband lets customers 'kick' own connection
Broadband tax bill gets senate committee green light

Broadband tax bill gets senate committee green light
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Driving business innovation through private cloud solutions
Driving business innovation through private cloud solutions
Future proofing your datacentre with hyperconverged infrastructure
Future proofing your datacentre with hyperconverged infrastructure
The Network for the Digital Business Starts with the Secure Access Service Edge (SASE)
The Network for the Digital Business Starts with the Secure Access Service Edge (SASE)
Are you getting profitable outcomes from your IT?
Are you getting profitable outcomes from your IT?
Your Microsoft Security journey starts here
Your Microsoft Security journey starts here

Events

Log In

Username / Email:
Password:
  |  Forgot your password?