[ale] SNMP question

kschmidt at mindspring.com kschmidt at mindspring.com
Thu Jan 24 21:05:34 EST 2002



Actually, SNMPv3 addresses the insecurities in SNMPv1/v2. You not only can encrypt passwords (community strings), but you can also encrypt the data in the packets. It is also user-based, so you can give different users access to different parts of an agent's instrumentation.

Transam <transam at cavu.com> wrote:
> > Hi there, 

> OK. So I don't know much about SNMP but installed it and got it to work. I
> am using the default install and config. I set this up so I can run MRTG on
> the box. My question is, is running the default SNMP install unsafe? I have
> no idea where to start to configure it. I am using ucd-snmp-4.2.3

SNMP has lots of security problems of which the two most severe are:
  1. Many implementations have well-known default passwords.
  2. Uses UDP/IP which allows for easy spoofing.
  3. Sends passwords in clear text (dunno if anyone has fixed this).
  4. Unless you are using a decent Firewall config anyone on the Internet
     can try to use 1-3 to gain control of your systems.

> I have every intention of learning more about it and actually knowing how it
> is configured however that probably won't be for a while as I am studying
> for my CCNP exam so I don't have a lot of time...

> Thanks
> Ken

> ----------------------------------------------
> But I don't want to go among mad people,
> Alice remarked.
> Oh, you can't help that, said the Cat:
> we're all mad here. I'm mad. You're mad.
> How do you know I'm mad? said Alice.
> You must be, said the Cat,
> or you wouldn't have come here.

Bob Toxen
transam at cavu.com                       [Bob's ALE Bulk email]
bob at cavu.com                           [Please use for email to me]
http://www.cavu.com                    [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com/ [My 5* book:"Real World Linux Security"]
http://www.cavu.com/sunset.html        [Sunset Computer]
Fly-By-Day Consulting, Inc.      "Don't go with a fly-by-night outfit!"
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
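
Added example (not part of the original thread, and not ucd-snmp's own code): a small audit of an `snmpd.conf` for the problems listed above, namely well-known community strings, clear-text community access open to any source, and SNMPv3 users allowed without encryption. It assumes the `rocommunity`/`rwcommunity`/`com2sec`/`rouser`/`rwuser` directive syntax used by ucd-snmp and net-snmp; the sample configuration, user names and finding codes are constructed for illustration.

```python
import shlex

# Assumption: a short illustrative list of well-known default community strings.
DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample snmpd.conf (not taken from the thread).
SAMPLE_CONF = """\
# constructed example
com2sec notConfigUser default public
rwcommunity private
rocommunity mrtg-Zq7 192.0.2.10
createUser mrtguser MD5 "constructed auth pass" DES "constructed priv pass"
rouser mrtguser priv
rouser olduser noauth
"""

def audit_snmpd_conf(text):
    """Return a list of (line_number, finding_code) for an snmpd.conf body."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # drops '#' comments, keeps quoted args
        if not tok:
            continue
        name = tok[0].lower()
        if name in ("rocommunity", "rwcommunity") and len(tok) >= 2:
            # rocommunity COMMUNITY [SOURCE [OID]]; no SOURCE means any address
            community, source = tok[1], (tok[2] if len(tok) > 2 else "default")
        elif name == "com2sec" and len(tok) >= 4:
            # com2sec NAME SOURCE COMMUNITY
            source, community = tok[2], tok[3]
        elif name in ("rouser", "rwuser") and len(tok) >= 2:
            # rouser USER [noauth|auth|priv]; the level defaults to auth
            level = tok[2] if len(tok) > 2 else "auth"
            if level != "priv":
                findings.append((no, "v3-no-priv"))  # packet data not encrypted
            continue
        else:
            continue
        findings.append((no, "cleartext-community"))  # SNMPv1/v2c sends it in clear
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((no, "default-community"))
        if source in ("default", "0.0.0.0/0"):
            findings.append((no, "any-source"))
        if name == "rwcommunity":
            findings.append((no, "v1v2c-write"))
    return findings

if __name__ == "__main__":
    for line_no, code in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {code}")
```

A source restriction in the agent configuration does not replace firewall filtering, since SNMPv1/v2c runs over UDP and the source address can be spoofed.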


