Menu
▾
▴
Re: [Netdisco] Security issue: Sending SNMP strings to all CDP devices
|
From: Bill F. <fe...@gm...> - 2006-03-07 23:28:26
|
On 3/7/06, Tristan RHODES <Tri...@we...> wrote: > Thanks for your reply. We were just discussing SNMPv3, to see if that > solves the problem by encrypting the "password". Does anyone on the > mailing list have any information on this? I'm experimenting with SNMPv3 with netdisco. SNMP::Info supports it fine, so it's just a matter of passing the right parameters for SNMPv3, and yes, if you use authNoPriv or authPriv then an attacker observing the requests cannot gain authenticated access. I haven't done any implementation yet because in my tests, it's not clear how (if) Cisco Community Indexing works, since there is no community. The Entity MIB supports multiple context IDs for this purpose, but on my current test box all of the context IDs are the same, meaning that the MIB is implemented wrong (or I am doing something wrong). Since in my current infrastructure doing community indexing to get VLAN info is more important than SNMPv3 support, I haven't done any of the actual SNMPv3 work yet. Bill |
