[69942] in North American Network Operators' Group


Re: snmp vuln

daemon@ATHENA.MIT.EDU (Alexei Roudnev)
Thu Apr 22 02:24:53 2004

From: "Alexei Roudnev" <alex@relcom.net>
To: "Mikael Abrahamsson" <swmike@swm.pp.se>, <nanog@merit.edu>
Date: Wed, 21 Apr 2004 23:24:28 -0700
Errors-To: owner-nanog-outgoing@merit.edu


If you have ever read the SNMP specs, you can realize that there is no C or C++
SNMP implementation without such a problem. So, rule number 1 is _never_
expose SNMP to the Internet, and be careful to filter out any inbound packets
forwarded to your SNMP ports.

It is easy to predict the next SNMP problem in the next 6 months, etc... Too
complicated a protocol, implemented by (in most cases) less qualified
engineers (the SNMP module is always of low priority in any project - I never
saw an exception, and Cisco is not one).

// In reality, it is not a problem at all... except for some clueless
providers.




----- Original Message ----- 
From: "Mikael Abrahamsson" <swmike@swm.pp.se>
To: <nanog@merit.edu>
Sent: Wednesday, April 21, 2004 2:40 AM
Subject: snmp vuln


>
>
> http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
>
> This one seems much worse than the TCP RST problem.
>
> -- 
> Mikael Abrahamsson    email: swmike@swm.pp.se
>

