disable SNMP on netgear FWAG114.

Thread: disable SNMP on netgear FWAG114.

  1. #1
    Member
    Join Date
    Dec 2003
    Posts
    41

    disable SNMP on netgear FWAG114.

    Does anyone know how to disable SNMP on a Netgear FWAG114?

    I am trying to configure the netgear FWAG114, and it looks like the SNMP is running but I cannot disable it anywhere in the configuration options. I searched through the manual and nothing is said about SNMP.
    On the other hand, when I run SolarWinds IP Network Browser on my laptop to query network device information, I get a nice list of all of the SNMP-related info about the Netgear router. I do not want to display this to the wireless user connected to the router.
    Interesting thing is that nmap UDP scan does not show anything running on SNMP port (UDP161). Could this be because the netgear is configured to drop ICMPs by default?

    Thanks,

    Petar

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Your device doesn't have SNMP capabilities. Are you sure you are not seeing syslog messages whizzing by?
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Member
    Join Date
    Dec 2003
    Posts
    41
    I use the snmp commands to iterate through the MIB. Windump shows a whole bunch of GetRequests and GetReplies. Looking at windump and how SolarWinds IP Network Browser queries the info, I even managed to figure out how to pass the SNMPUtil parameters.
    Unless you can query the syslog messages using snmp get and getnext, I think I am looking at MIB.
    Anyway, I'll try to talk to the tech support.

  4. #4
    Member
    Join Date
    Dec 2003
    Posts
    41
    According to the polite Indian guy it's impossible.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Hmm. Interesting. Care to dump some data that you captured in this thread?

  6. #6
    Member
    Join Date
    Dec 2003
    Posts
    41
    Here, this is a trace from using the IP network browser. Did you also want the hex dump?
    I am trying to get a utility to allow me to set values using SNMPSet.

    C:\>windump -i 2 -n -l host (192.168.100.100 and 192.168.100.200)
    windump: listening on \Device\NPF_{2119C0E4-E140-418B-A08B-0A2F995A67D8}
    16:24:04.864411 IP 192.168.100.200.1258 > 192.168.100.100.161: GetNextRequest(26) .1.3.6.1.2.1.6.13.1.1
    16:24:04.868569 IP 192.168.100.100.161 > 192.168.100.200.1258: GetResponse(37) .1.3.6.1.2.1.6.13.1.1.0.0.0.0.23.0.0.0.0.0=2
    16:24:12.085041 IP 192.168.100.200.1259 > 192.168.100.100.161: GetNextRequest(24) .1.3.6.1.2.1.1.1
    16:24:12.089350 IP 192.168.100.100.161 > 192.168.100.200.1259: GetResponse(39) .1.3.6.1.2.1.1.1.0="Netgear ProSaf"
    16:24:23.040152 IP 192.168.100.200.1260 > 192.168.100.100.161: GetNextRequest(24) .1.3.6.1.2.1.1.0
    16:24:23.044843 IP 192.168.100.100.161 > 192.168.100.200.1260: GetResponse(39) .1.3.6.1.2.1.1.1.0="Netgear ProSaf"
    16:24:31.769387 IP 192.168.100.200.1261 > 192.168.100.100.161: GetNextRequest(24) .1.3.6.1.2.1.1.2
    16:24:31.773370 IP 192.168.100.100.161 > 192.168.100.200.1261: GetResponse(31) .1.3.6.1.2.1.1.2.0=.1.3.6.1.4.1.0
    16:24:40.281856 IP 192.168.100.200.1248 > 192.168.100.100.161: GetRequest(25) .1.3.6.1.2.1.1.5.0
    16:24:40.286138 IP 192.168.100.100.161 > 192.168.100.200.1248: GetResponse(25) .1.3.6.1.2.1.1.5.0=""
    16:24:40.290308 IP 192.168.100.200.1248 > 192.168.100.100.161: GetRequest(25) .1.3.6.1.2.1.1.1.0
    16:24:40.293716 IP 192.168.100.100.161 > 192.168.100.200.1248: GetResponse(39) .1.3.6.1.2.1.1.1.0="Netgear ProSaf"
    16:24:40.297451 IP 192.168.100.200.1248 > 192.168.100.100.161: GetRequest(25) .1.3.6.1.2.1.1.4.0
    16:24:40.300763 IP 192.168.100.100.161 > 192.168.100.200.1248: GetResponse(39) .1.3.6.1.2.1.1.4.0="http://www.net"
    16:24:40.304738 IP 192.168.100.200.1248 > 192.168.100.100.161: GetRequest(25) .1.3.6.1.2.1.1.6.0
    16:24:40.307406 IP 192.168.100.100.161 > 192.168.100.200.1248: GetResponse(25) .1.3.6.1.2.1.1.6.0=""
    16:24:40.310901 IP 192.168.100.200.1248 > 192.168.100.100.161: GetRequest(25) .1.3.6.1.2.1.1.2.0
    16:24:40.313590 IP 192.168.100.100.161 > 192.168.100.200.1248: GetResponse(31) .1.3.6.1.2.1.1.2.0=.1.3.6.1.4.1.0
    16:24:40.317128 IP 192.168.100.200.1248 > 192.168.100.100.161: GetRequest(25) .1.3.6.1.2.1.1.3.0
    16:24:40.323315 IP 192.168.100.100.161 > 192.168.100.200.1248: GetResponse(29) .1.3.6.1.2.1.1.3.0=10051061
    16:24:40.326753 IP 192.168.100.200.1248 > 192.168.100.100.161: GetRequest(25) .1.3.6.1.2.1.4.1.0
    16:24:40.329508 IP 192.168.100.100.161 > 192.168.100.200.1248: GetResponse(26) .1.3.6.1.2.1.4.1.0=1
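
An added example (not part of the thread and not any poster's code): a Python script that parses windump output like the trace in post #6 and lists, for each host answering from UDP/161, which MIB-II objects it returned. The function names and the OID table are this example's own; the sample lines are copied from the trace above.

```python
import re
from collections import defaultdict

# MIB-II (RFC 1213) object names for the OID prefixes seen in the trace.
MIB2 = {
    "1.3.6.1.2.1.1.1": "sysDescr",
    "1.3.6.1.2.1.1.2": "sysObjectID",
    "1.3.6.1.2.1.1.3": "sysUpTime",
    "1.3.6.1.2.1.1.4": "sysContact",
    "1.3.6.1.2.1.1.5": "sysName",
    "1.3.6.1.2.1.1.6": "sysLocation",
    "1.3.6.1.2.1.4.1": "ipForwarding",
    "1.3.6.1.2.1.6.13.1.1": "tcpConnState",
}

# windump SNMP line: time IP src.sport > dst.dport: PDU(len) .oid[=value]
LINE = re.compile(
    r"^\s*\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?P<pdu>\w+)\(\d+\)\s+\.(?P<oid>[\d.]+)(?:=(?P<val>.*))?$"
)

def name_for(oid):
    """Longest-prefix match of an OID instance against the MIB2 table."""
    best = max((p for p in MIB2 if oid == p or oid.startswith(p + ".")),
               key=len, default=None)
    return MIB2[best] if best else "unknown"

def disclosed(trace):
    """Map each host answering from UDP/161 to the {object: value} it returned."""
    agents = defaultdict(dict)
    for line in trace.splitlines():
        m = LINE.match(line)
        if m and m["pdu"] == "GetResponse" and m["sport"] == "161":
            agents[m["src"]][name_for(m["oid"])] = (m["val"] or "").strip('"')
    return dict(agents)

# Sample input: five lines taken from the windump trace in post #6.
SAMPLE = """\
16:24:12.085041 IP 192.168.100.200.1259 > 192.168.100.100.161: GetNextRequest(24) .1.3.6.1.2.1.1.1
16:24:12.089350 IP 192.168.100.100.161 > 192.168.100.200.1259: GetResponse(39) .1.3.6.1.2.1.1.1.0="Netgear ProSaf"
16:24:40.300763 IP 192.168.100.100.161 > 192.168.100.200.1248: GetResponse(39) .1.3.6.1.2.1.1.4.0="http://www.net"
16:24:40.323315 IP 192.168.100.100.161 > 192.168.100.200.1248: GetResponse(29) .1.3.6.1.2.1.1.3.0=10051061
16:24:40.329508 IP 192.168.100.100.161 > 192.168.100.200.1248: GetResponse(26) .1.3.6.1.2.1.4.1.0=1
"""

if __name__ == "__main__":
    for host, objs in disclosed(SAMPLE).items():
        print(host, objs)
```

Any host that appears in the result is running a reachable SNMP agent, whatever the configuration pages or a port scan suggest.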

  7. #7
    Junior Member
    Join Date
    Apr 2004
    Posts
    1
    Is this thread still alive?

    I just finished sending an e-mail to Netgear tech support about this. I've confirmed the same behaviour on my FWAG114.

    I was able to also do an SNMPset on the device from the inside interface, so this seems like a pretty big security vulnerability for this product given there doesn't seem to be any ability to change community strings and/or turn the service off.
