T.R | Title | User | Personal Name | Date | Lines |
---|
4363.1 | | MOLAR::YAHEY::BOSE | | Sat Jan 09 1993 16:20 | 7 |
|
Set a write (or read-write) community name which only selected
people know about. You might also be able to provide set access
to only specific nodes (by providing a list of IP addresses with
write access while setting up communities).
Rahul.
|
4363.2 | But community names offer no security | FARMS::LYONS | Ahh, but fortunately, I have the key to escape reality. | Mon Jan 11 1993 12:30 | 4 |
| Of course, my SNMP Snooper will notice the set with community name and
log it for "future" reference, bypassing any attempt at security.
I can fake the packet with almost no problem, as IP has even less
security than DECnet.
|
4363.3 | Security? | MOLAR::CHRISB::BRIENEN | Network Management Applications! | Mon Jan 11 1993 12:58 | 7 |
| > Of course, my SNMP Snooper will notice the set with community name and
> log it for "future" reference, bypassing any attempt at security.
The above is trivial to do with DECnet, and only slightly more difficult
to do with LAT (the code exists). What's the point?
Chris
|
4363.4 | | FARMS::LYONS | Ahh, but fortunately, I have the key to escape reality. | Mon Jan 11 1993 14:46 | 4 |
| The point was (is, will be) that it is FAR easier to fake this stuff for an
IP network than for DECnet (it's not exactly trivial for the DECnet case,
easy, but not trivial), so don't ever rely on the "secret" of a community name
for security with devices that support SNMP (and set operations).
|
4363.5 | | MOLAR::YAHEY::BOSE | | Mon Jan 11 1993 16:18 | 2 |
|
That's why they have SNMP V2.0.
|