Re: snmp vuln

["Alexei Roudnev" <alex () relcom net>]

If you ever read SNMP specs, you can realize, that there is not any C or C++
SNMP  implementation without such problem. So, rule number 1 is _never
expose SNMP to Internet, and be careful to filter out any inbound packets,
forwarded to your SNMP ports.

It is easy to predict next SNMP problem in next 6 month, etc... Too
complicated protocol, implemented by (in most cases) less qualified
engineers (SNMP module is always of low priority, in any project - I never
saw an exception, and Cisco is not one).

// In reality, it is not problem at all... except for some clueless
providers.




----- Original Message ----- 
From: "Mikael Abrahamsson" <swmike () swm pp se>
To: <nanog () merit edu>
Sent: Wednesday, April 21, 2004 2:40 AM
Subject: snmp vuln


> http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
>
> This one seems much worse than the TCP RST problem.
>
> -- 
> Mikael Abrahamsson    email: swmike () swm pp se