Re: snmp problems still alive...

[drajnovi () CISCO COM (Damir Rajnovic)]

Hello Monti,

At 22:49 13/03/2000 -0600, monti wrote:
> Correct me if I'm wrong... but my impression was that a community
> string was *always* required for snmp to work on IOS. That is, *if* you

I can not comment on this since I am not an expert in SNMP but I will
raise this question with our people who are experts.

> The problem I've seen is that things like 'setup' and other front-ends
> have been known to create a default of 'public'/'private' (not to mention
> network administrators have come to belive that this is just a matter of
> convention and mimic it, although I dont know if Cisco can be blamed for
> that).

Hey! Thank's for that! It is nice when you are not guilty!

> If anyone knows of an equivalent to 'no snmp-server' for PIX, please
> share! I'm unaware of a way to completely disable snmp, and have
> had to live with simply assigning very very long random strings for the
> community in many implementations.

I do not know how to disable it completely but I will add this to
my list of things to do. While on the subject, I am collecting things
for which we need to have on/off switches (like 'no snmp-server')
so if you people from the list do have any wishes in that respect
send them to me. However, I will reject mails like 'we want all' so
please try to be specific and be aware that I will ask for reasons
why.

Cheers,

Gaus
==============
Damir Rajnovic <psirt () cisco com>, PSIRT Incident Manager, Cisco Systems
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
Phone: +44 7715 546 033
4 The Square, Stockley Park, Uxbridge, MIDDLESEX UB11 1BN, GB
==============
There is no insolvable problems. Question remains: can you
accept the solution?