[ale] SNMP question

Chris Fowler cfowler at outpostsentinel.com
Thu Jan 24 19:11:36 EST 2002


Are you refering to CNMP?  I never thought about the password issue.  I
never needed one to view the settings

Complex
Network
Management
Protocol


-----Original Message-----
From: Transam [mailto:transam at cavu.com]
To: ale at ale.org
Sent: Thursday, January 24, 2002 6:59 PM
To: kenn at refriedgeek.com
Cc: ale at ale.org
Subject: Re: [ale] SNMP question


> Hi there,

> OK. So I don't know much about SNMP but installed it and got it to work. I
> am using the default install and config. I set this up so I can run MRTG
on
> the box. My question is, is running the default SNMP install unsafe? I
have
> no idea where to start to configure it. I am using ucd-snmp-4.2.3

SNMP has lots of security problems of which the two most severe are:
  1. Many implementations have well-known default passwords.
  2. Uses UDP/IP which allows for easy spoofing.
  3. Sends passwords in clear text (dunno if anyone has fixed this).
  4. Unless you are using a decent Firewall config anyone on the Internet
     can try to use 1-3 to gain control of your systems.

> I have every intention of learning more about it and actually knowing how
it
> is configured however that probally won't be for a while as I am studying
> for my CCNP exam so I don't have a lot of time...

> Thanks
> Ken

> ----------------------------------------------
> But I don't want to go among mad people,
> Alice remarked.
> Oh, you can't help that, said the Cat:
> we're all mad here. I'm mad. You're mad.
> How do you know I'm mad? said Alice.
> You must be, said the Cat,
> or you wouldn't have come here.

Bob Toxen
transam at cavu.com                       [Bob's ALE Bulk email]
bob at cavu.com                           [Please use for email to me]
http://www.cavu.com                    [Network&Linux/Unix security
consulting]
http://www.realworldlinuxsecurity.com/ [My 5* book:"Real World Linux
Security"]
http://www.cavu.com/sunset.html        [Sunset Computer]
Fly-By-Day Consulting, Inc.      "Don't go with a fly-by-night outfit!"
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.




---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list