This test checks that management protocols are unavailable at customer ports and that users are prevented from interfering with equipment management. Network equipment must ignore incoming management traffic from customer ports.
Impact: MITM, DoS, Abuse
Test steps:
- The Malicious Customer runs a TCP SYN scan for all addresses on standard ports for FTP, SSH, Telnet, HTTP, and HTTPS.
- The Malicious Customer attempts an SNMP Get, a Ping Request, and an NTP Get for all management addresses.
Fail criteria:
- One of the TCP ports is listening for traffic.
- The Malicious Customer receives an answer to an SNMP Get, Ping Request, or NTP Get.
This test conforms to SEC Access Certification ID "SEC-CM-NEM-1" and to SAVI RFC 6959 section 3.1.7.
- Malicious Customer: A customer interface performing malicious actions.
- Management IPs: IP addresses used to manage equipment, separated by commas (,).
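The sketch below is an added example, not part of the original test definition. It shows how the check can be reproduced from a host on a customer port against your own equipment. It parses the comma-separated Management IPs parameter and treats any answer as a failure. As assumptions of this sketch, it uses a full TCP connect in place of the SYN scan, covers only the TCP and NTP probes (SNMP Get and Ping Request are left out), and all function and constant names are hypothetical.

```python
import ipaddress
import socket

# TCP services named in the test steps: FTP, SSH, Telnet, HTTP, HTTPS.
TCP_SERVICES = {21: "FTP", 22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS"}
NTP_CLIENT_REQUEST = b"\x1b" + b"\x00" * 47  # LI=0, VN=3, Mode=3 (client)

def parse_management_ips(value):
    """Parse the comma-separated 'Management IPs' parameter; ValueError on a bad entry."""
    return [str(ipaddress.ip_address(p.strip())) for p in value.split(",") if p.strip()]

def _family(ip):
    return socket.AF_INET6 if ipaddress.ip_address(ip).version == 6 else socket.AF_INET

def tcp_answers(ip, port, timeout=1.0):
    """Full TCP connect, used here in place of a SYN scan (no raw sockets needed)."""
    with socket.socket(_family(ip), socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((ip, port))
            return True
        except OSError:  # refused, filtered (timeout) or unreachable
            return False

def ntp_answers(ip, port=123, timeout=1.0):
    """Send one NTP client request; any datagram back counts as an answer."""
    with socket.socket(_family(ip), socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((ip, port))  # connected UDP: only replies from this peer are read
            s.send(NTP_CLIENT_REQUEST)
            return len(s.recv(512)) > 0
        except OSError:  # timeout or ICMP port unreachable
            return False

def check_management_plane(mgmt_ips, tcp_probe=tcp_answers, ntp_probe=ntp_answers):
    """Return (passed, findings). Any answer from a management address is a failure."""
    findings = []
    for ip in parse_management_ips(mgmt_ips):
        findings += [(ip, f"tcp/{port}", name)
                     for port, name in sorted(TCP_SERVICES.items()) if tcp_probe(ip, port)]
        if ntp_probe(ip):
            findings.append((ip, "udp/123", "NTP"))
    return (not findings, findings)

if __name__ == "__main__":
    # Constructed documentation addresses (RFC 5737 / RFC 3849); replace with real ones.
    print(check_management_plane("192.0.2.1, 2001:db8::1"))
```

An empty findings list corresponds to a pass: the equipment ignored every probe sent from the customer port.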