snmp vuln

• Previous message (by thread): snmp vuln
• Next message (by thread): snmp vuln
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If you ever read SNMP specs, you can realize, that there is not any C or C++
SNMP  implementation without such problem. So, rule number 1 is _never
expose SNMP to Internet, and be careful to filter out any inbound packets,
forwarded to your SNMP ports.

It is easy to predict next SNMP problem in next 6 month, etc... Too
complicated protocol, implemented by (in most cases) less qualified
engineers (SNMP module is always of low priority, in any project - I never
saw an exception, and Cisco is not one).

// In reality, it is not problem at all... except for some clueless
providers.




----- Original Message ----- 
From: "Mikael Abrahamsson" <swmike at swm.pp.se>
To: <nanog at merit.edu>
Sent: Wednesday, April 21, 2004 2:40 AM
Subject: snmp vuln


>
>
> http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
>
> This one seems much worse than the TCP RST problem.
>
> -- 
> Mikael Abrahamsson    email: swmike at swm.pp.se
>

• Previous message (by thread): snmp vuln
• Next message (by thread): snmp vuln
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]