Management protocol scanning

This test checks that management protocols are unavailable at customer ports and that users are prevented from interfering with equipment management. Network equipment must ignore incoming management traffic from customer ports.

Impact: MITM, DoS, Abuse

Test process

  • Malicious runs a TCP SYN scan for all addresses on standard ports for FTP, SSH, Telnet, HTTP, and HTTPS.
  • Malicious attempts an SNMP Get, a Ping Request, and an NTP Get for all management addresses.

Fail criteria

  • One of the TCP ports is listening for traffic.
  • Malicious receives an answer to an SNMP Get, Ping Request, or NTP Get.
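
The fail criteria above can be applied mechanically to probe results. The following Python sketch is an added example, not code from the test product: the function names are hypothetical, the port numbers are the well-known assignments for the listed protocols, a full TCP connect stands in for the SYN scan, and SNMP, Ping, and NTP replies are passed in as observations from whatever tool sent those requests.

```python
import ipaddress
import socket

# Well-known ports for the protocols the test names (assumed; the page lists names only).
TCP_PORTS = {"FTP": 21, "SSH": 22, "Telnet": 23, "HTTP": 80, "HTTPS": 443}

def parse_management_ips(param):
    """Parse the comma-separated "Management IPs" parameter; ValueError on a bad entry."""
    return [str(ipaddress.ip_address(p.strip())) for p in param.split(",") if p.strip()]

def tcp_accepts(ip, port, timeout=1.0):
    """TCP connect check from the customer port; a listening port answers it like a SYN scan."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unreachable: equipment ignored the traffic.
        return False

def evaluate(mgmt_ips, tcp_probe=tcp_accepts, answered=()):
    """Apply both fail criteria.

    answered: (ip, protocol) pairs for every SNMP Get, Ping Request or NTP Get
    that received a reply. Replies from non-management addresses are ignored.
    """
    findings = []
    for ip in mgmt_ips:
        for name, port in TCP_PORTS.items():
            if tcp_probe(ip, port):
                findings.append((ip, f"{name}/{port} listening"))
    for ip, proto in answered:
        if ip in mgmt_ips:
            findings.append((ip, f"{proto} answered"))
    return ("FAIL" if findings else "PASS"), findings

if __name__ == "__main__":
    # Constructed sample run: documentation addresses, injected probe results.
    ips = parse_management_ips("192.0.2.1, 192.0.2.2")
    open_ports = {("192.0.2.2", 22)}  # constructed: SSH reachable on one device
    verdict, findings = evaluate(
        ips,
        tcp_probe=lambda ip, port: (ip, port) in open_ports,
        answered=[("192.0.2.1", "SNMP Get")],
    )
    print(verdict)
    for ip, reason in findings:
        print(f"  {ip}: {reason}")
```

Each finding names the management address and the protocol that responded, which points directly at the filter rule missing on the customer-facing port.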

References

This test conforms to SEC Access Certification ID "SEC-CM-NEM-1" and to SAVI RFC 6959 section 3.1.7.

Parameters

General

  • Malicious Customer: A customer interface performing malicious actions.
  • Management IPs: IP addresses used to manage equipment, separated by commas (,).