There have been numerous reports that Linux templates used to build virtual machines have the SNMP service enabled by default. This leaves the machine open to spoofed SNMP queries, which can result in the machine participating in DDoS attacks against the spoofed IP address.
We are working on updating our templates to have SNMP disabled by default so this does not happen. While this process may take time to deploy at all locations, here is what you can do to eliminate this problem on your virtual machines.
If you are not using SNMP on your machine, you can disable the SNMP daemon by running the following commands. Use the first two on distributions that manage services with chkconfig (Red Hat-based) and the last two on distributions that use update-rc.d (Debian-based):
- /etc/init.d/snmpd stop
- chkconfig --level 2345 snmpd off
- service snmpd stop
- update-rc.d snmpd stop 80 0 1 2 3 4 5 6
As an added security measure, you can use the virtual machine firewall tool to block SNMP traffic. To do so, set up a firewall rule that drops traffic on port 161 for both the UDP and TCP protocols. More information on setting firewall rules for a virtual machine can be found at https://docs.onapp.com/display/35AG/Set+Virtual+Server+Firewall+Rules
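To confirm that the daemon is really gone after running the commands above, you can check what is still bound to port 161. The script below is an added example, not part of the original advisory; the function names are hypothetical, it assumes the column layout of `ss -lntu` from iproute2, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: after stopping snmpd, confirm nothing is still bound to port 161.
# Assumes `ss -lntu` columns: field 1 = protocol, field 5 = local address:port.

# Print "proto local-address scope" for every listening socket on port 161.
# scope is "loopback" for 127.x / ::1 binds, otherwise "exposed".
snmp_listeners() {
    awk '
        $1 != "udp" && $1 != "tcp" { next }       # also skips the header line
        {
            n = split($5, part, ":")
            if (part[n] != "161") next
            addr = substr($5, 1, length($5) - 4)  # strip the trailing ":161"
            scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
            print $1, addr, scope
        }'
}

# Succeeds (exit 0) only if no socket on port 161 is bound to a
# non-loopback address.
snmp_closed() {
    ! snmp_listeners | grep -q ' exposed$'
}

# Constructed sample of `ss -lntu` output, for illustration only.
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:323      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0      [::1]:161          [::]:*'

printf '%s\n' "$SAMPLE" | snmp_listeners
if printf '%s\n' "$SAMPLE" | snmp_closed; then
    echo "port 161: nothing bound on a network-facing address"
else
    echo "port 161: still exposed, stop snmpd or add the firewall rule"
fi
# On a real machine: ss -lntu | snmp_listeners
```

This reports only what is bound on the machine itself, so a rule in the virtual machine firewall tool does not change its output.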