[45697] in North American Network Operators' Group
Re: it's here
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Feb 12 14:33:55 2002
Message-Id: <200202121933.g1CJXGVj000490@foo-bar-baz.cc.vt.edu>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Tue, 12 Feb 2002 14:22:32 EST."
<Pine.GSO.4.40.0202121417380.8225-100000@clifden.donelan.com>
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1826891820P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Tue, 12 Feb 2002 14:33:16 -0500
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_1826891820P
Content-Type: text/plain; charset=us-ascii
On Tue, 12 Feb 2002 14:22:32 EST, Sean Donelan said:
> ASN.1 is pretty cool, but I've been wondering are there that
> many ISPs which allow external SNMP access to their equipment?
> SNMP is a UDP management protocol, and even under the best of
> conditions, accepting packets from out of the blue isn't a good
> idea.
The *real* problem is that many *host* systems (Solaris, SGI, AIX,
etc) have SNMP enabled by default. And remember that hosts outnumber
routers by a considerable margin.
The SANS Top20 listed SNMP as a "turn it off". It was in the Top10 list
before that.
Can I stop banging my head against the wall yet?
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
--==_Exmh_1826891820P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE8aW38cC3lWbTT17ARAkDcAKCw53BAF/Wq3cvgZM2U7PdJwy8AcACgz0LL
1tHUQ8myrpq8967PsxcZhzQ=
=6icx
-----END PGP SIGNATURE-----
--==_Exmh_1826891820P--
