Security Incidents mailing list archives
Re: Windows 2k SNMP Wonkiness Poll
From: Eric Brandwine <ericb () UU NET>
Date: 13 Feb 2002 23:21:33 +0000
"fj" == Filip Jonckers <fjonckers () Interconnect be> writes:
Having the service installed and having it running are two different things.

fj> A lot of server installations NEED snmp service installed...
fj> let me give an example:
fj> Compaq Proliant servers installed with NT/win2K should be
fj> running Compaq Insight Agents which are software agents
fj> to monitor/manage the Compaq hardware
fj> Compaq Insight Manager software is used to poll
fj> the status of the agents (using SNMP and some other ports)
fj> problems with hard disk, memory, backplane, temperature ....
fj> can be seen before the major crash happens

These should all be traps. Sending a trap is always safe. You might want to take a good look at your trap host, but your clients are OK.

fj> Stuff like this are vital in an environment with dozens of Proliant
fj> servers installed

We've got thousands of deployed servers. We're scared.

fj> the same for unix or other environments ....

UNIX mostly. We're taking a good close look at our trap hosts, and for some large commercial packages, we're implementing a trap proxy based on the latest (non-vulnerable) UCD-SNMP package. It's not a lot of code, and will protect the things we cannot upgrade or patch.

There is no NEED. You need to do business and make money more than you need SNMP. Evaluate what SNMP means to you (and separate out polling vs. trapping), and determine what the consequences are of losing either or both. Your network will not stop dead if you turn off SNMP, it just won't run as smoothly. You'll have to work harder, and outages (if any) will be more severe.

Also, I don't recall the results of our Windoze testing, but I believe that most versions are only vulnerable if the attacker knows the community string. Don't trust me on that, verify it for yourself, but if so, go change your strings now. That'll help out. If you're using public/private, you've got problems.

ericb
--
Eric Brandwine     | Better to remain silent and be thought a fool than to
UUNetwork Security | speak out and remove all doubt.
ericb () uu net    |
+1 703 886 6038    | - Silvan Engel
Key fingerprint = 3A39 2C2F D5A0 FC7C 5F60 4118 A84A BD5D 59D7 4E3E

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
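As an added example (not part of the original post, and not the poster's or UCD-SNMP's code), this is the kind of structural check a trap proxy can apply before relaying a datagram to a trap host that cannot be patched: accept only one well-formed SNMPv1 Trap-PDU carrying an allow-listed community, and drop everything else, including polls. The function names, the size limit, the community string and the sample trap are constructed assumptions, and varbind contents are bounds-checked but not parsed.

```python
# Added example, not from the original post; names and SAMPLE are constructed.
MAX_DGRAM = 1472  # assumption: a trap fits one unfragmented Ethernet UDP datagram

def take(buf, pos, end, want):
    """Read one definite-length BER TLV with tag `want` inside buf[pos:end]."""
    if pos + 2 > end or buf[pos] != want:
        raise ValueError("truncated header or unexpected tag")
    length, pos = buf[pos + 1], pos + 2
    if length >= 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 2 or pos + n > end:
            raise ValueError("indefinite or oversized length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > end:
        raise ValueError("value runs past its container")
    return pos, pos + length  # (value start, value end)

def validate_trap(d, communities):
    """True only for one well-formed SNMPv1 Trap-PDU with an allowed community."""
    try:
        if len(d) > MAX_DGRAM:
            raise ValueError("datagram too large")
        pos, end = take(d, 0, len(d), 0x30)       # message SEQUENCE
        if end != len(d):
            raise ValueError("trailing bytes")
        start, pos = take(d, pos, end, 0x02)      # version INTEGER
        if d[start:pos] != b"\x00":
            raise ValueError("not SNMPv1")
        start, pos = take(d, pos, end, 0x04)      # community OCTET STRING
        if d[start:pos] not in communities:
            raise ValueError("community not on the allow-list")
        pos, pdu_end = take(d, pos, end, 0xA4)    # Trap-PDU only; polls are refused
        # enterprise OID, agent IpAddress, generic, specific, TimeTicks, varbinds
        for want in (0x06, 0x40, 0x02, 0x02, 0x43, 0x30):
            start, pos = take(d, pos, pdu_end, want)
            if want == 0x40 and pos - start != 4:
                raise ValueError("agent-addr must be 4 bytes")
        return pos == pdu_end == end              # nothing left over anywhere
    except ValueError:
        return False

def tlv(tag, body):  # sample builder, short-form lengths only (len < 128)
    return bytes([tag, len(body)]) + body

# Constructed trap: enterprise 1.3.6.1.4.1.232, agent 192.0.2.1, generic-trap 6.
FIELDS = (tlv(0x06, bytes.fromhex("2b060104018168")) + tlv(0x40, bytes([192, 0, 2, 1]))
          + tlv(0x02, b"\x06") + tlv(0x02, b"\x00") + tlv(0x43, b"\x64") + tlv(0x30, b""))
SAMPLE = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"n0c-traps") + tlv(0xA4, FIELDS))
```

A relay loop would call `validate_trap()` on each received datagram and forward only those that return `True`; a production proxy would also decode and re-encode the varbinds rather than pass the original bytes through.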