http://www.cert.org/advisories/CA-2002-03.html -- Alex Rubenstein, AR97, K2AHR, alex@nac.net, latency, Al Reuben -- -- Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
On Tue, 12 Feb 2002, Alex Rubenstein wrote:
ASN.1 is pretty cool, but I've been wondering are there that many ISPs which allow external SNMP access to their equipment? SNMP is a UDP management protocol, and even under the best of conditions, accepting packets from out of the blue isn't a good idea. I guess we will find out in the next few hours (while many ISP network engineers are stuck in airports travelling back home).
On Tue, 12 Feb 2002 14:22:32 EST, Sean Donelan said:
ASN.1 is pretty cool, but I've been wondering are there that many ISPs which allow external SNMP access to their equipment? SNMP is a UDP management protocol, and even under the best of conditions, accepting packets from out of the blue isn't a good idea.
The *real* problem is that many *host* systems (Solaris, SGI, AIX, etc) have SNMP enabled by default. And remember that hosts outnumber routers by a considerable margin. The SANS Top20 listed SNMP as a "turn it off". It was in the Top10 list before that. Can I stop banging my head against the wall yet? -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
participants (3)
-
Alex Rubenstein
-
Sean Donelan
-
Valdis.Kletnieks@vt.edu