snmp vuln
Alexei Roudnev
alex at relcom.net
Thu Apr 22 06:24:28 UTC 2004
If you ever read SNMP specs, you can realize, that there is not any C or C++
SNMP implementation without such problem. So, rule number 1 is _never
expose SNMP to Internet, and be careful to filter out any inbound packets,
forwarded to your SNMP ports.
It is easy to predict next SNMP problem in next 6 month, etc... Too
complicated protocol, implemented by (in most cases) less qualified
engineers (SNMP module is always of low priority, in any project - I never
saw an exception, and Cisco is not one).
// In reality, it is not problem at all... except for some clueless
providers.
----- Original Message -----
From: "Mikael Abrahamsson" <swmike at swm.pp.se>
To: <nanog at merit.edu>
Sent: Wednesday, April 21, 2004 2:40 AM
Subject: snmp vuln
>
>
> http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
>
> This one seems much worse than the TCP RST problem.
>
> --
> Mikael Abrahamsson email: swmike at swm.pp.se
>
More information about the NANOG
mailing list