[geeks] snmp vunerabilities

geeks at sunhelp.org geeks at sunhelp.org
Wed Feb 13 07:00:37 CST 2002


Dude, I agree. However, we must admit that there are far too many weenies
calling themselves "network people". I cannot count how many times I have
seen SNMP enabled in network gear when there was no SNMP monitoring
happening. Worse, most NetWeenies don't realize that the community names
(strings) are PASSWORDS! Most routers/etc. get SNMP configured with the
default read-only string of "public" and read-write string of "private".

Even if SNMP-1 was reasonably secure, it should never be allowed on outside
interfaces and it would still need secure community strings.

~ -----Original Message-----
~ From: woods at weird.com [mailto:woods at weird.com]
~ Sent: Wednesday, February 13, 2002 2:10 AM
~ To: geeks at sunhelp.org
~ Subject: Re: [geeks] snmp vunerabilities
~ 
~ 
~ --- Bill Bradford <mrbill at mrbill.net> wrote:
~ > "oops"
~ > 
~ > http://www.cert.org/advisories/CA-2002-03.html
~ 
~ It's really sad this kind of bug needs this much attention to get fixed.
~ It has never been a good idea to leave SNMPv1 stuff publicly accessible,
~ unless you can guarantee you run them as a non-privileged user and that
~ they only give read-only access to information you consider to be
~ publicly available anyway.
<remainder snipped for brevity>
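
Added example (not part of the original post or thread): a small audit for the mistakes described above, namely default "public"/"private" community strings, read-write communities, and communities with no source restriction. It assumes Cisco IOS-style "snmp-server community <string> [view <name>] [ro|rw] [<acl>]" lines; the function name, finding labels and sample config are constructed for illustration.

```python
import re

# Community strings the post names as the usual defaults.
DEFAULT_COMMUNITIES = {"public", "private"}

# Assumed syntax (Cisco IOS style):
#   snmp-server community <string> [view <name>] [ro|rw] [<acl>]
COMMUNITY_RE = re.compile(
    r"^\s*snmp-server\s+community\s+(?P<name>\S+)(?P<rest>.*)$", re.IGNORECASE
)

def audit_snmp(config_text):
    """Return (line_number, finding, community) tuples for risky SNMP lines."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        tokens = m.group("rest").split()
        lowered = [t.lower() for t in tokens]
        # Drop an optional "view <name>" pair so it is not mistaken for an ACL.
        if "view" in lowered:
            i = lowered.index("view")
            del tokens[i:i + 2]
            del lowered[i:i + 2]
        read_write = "rw" in lowered  # read-only is the default when omitted
        acl = [t for t, low in zip(tokens, lowered) if low not in ("ro", "rw")]
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, "default-community", name))
        if read_write:
            findings.append((lineno, "read-write-community", name))
        if not acl:
            # No ACL: any host that can reach the device may try the string.
            findings.append((lineno, "no-acl", name))
    return findings

# Constructed sample configuration, not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server community private RW
snmp-server community x7Kq-monitoring RO 10
access-list 10 permit 192.0.2.10
"""

if __name__ == "__main__":
    for lineno, finding, community in audit_snmp(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding} ({community})")
```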


