SCOUG-Programming Mailing List Archives
Return to [ 14 | February | 2002 ]
(Posting to OCLUG@OCLUG.org list and possibly some others.
Feel free to forward if you think it's of value to anyone.
Pertinent URLs:
http://www.kb.cert.org/vuls/id/854306
http://www.cert.org/advisories/CA-2002-03.html
http://news.com.com/2100-1001-835602.html
http://www.theregister.co.uk/content/4/24042.html
)
I was noticing all the posts for the mailing list tonight
while looking over the digest, so I thought I should
speak out on the SNMP CERT issue.
OCLUG was one of the few mailing lists I'm on that I
didn't give my SNMP talk to, sharing my SNMP experience
while working in Phoenix.
Apologies if anyone feels I'm insulting their intelligence
with old news or the obvious, but just felt I should
spout off my thoughts on something I know a little about.
0) The items I saw were mainly warnings about potential
problems, not of any exploits actually in use.
This may have changed by the time you read this,
or maybe I missed something.
Anyway, *calmly* take appropriate action.
1) The main CERT announcement pointed out the first
line of defense on this stuff is 'the perimeter',
i.e. your firewall. If you don't have one,
get to work installing one. If you don't have all UDP
blocked from outside your local network,
add some rules to make sure ports 161 and 162 UDP are
blocked from outside access.
They mentioned some others in the announcement,
but from what I could tell you'd have to be running
some pretty exotic hardware/software for the others
to be of any significance.
To get blunt about it, leaving these open
to strangers located wherever is foolish.
2) If you can access any hardware devices via
telnet/ssh/www etc. to configure them, hunt through
and make sure any page/menus etc.
that allow setting SNMP 'community strings'
are changed away from the defaults.
These are really passwords, and all of them,
including any for 'read-only' access, should be sensible
passwords, not the defaults.
Change these even if you never intend to use SNMP
to configure or monitor the hardware.
(see quote below.)
Even before this latest alert, SNMP had quietly made it into
the CERT top 10 exploits according to a note in
Linux Journal a year or so ago.
3) As they pointed out, you may want to check into
an alternate network to configure/monitor things.
There may be ways to deactivate SNMP if you aren't using it -
check whatever configuration scheme you may use to see if this
can be done.
4) By all means apply any patches/updates released.
This should be the last line of defense though.
As Sun Tzu pointed out in 'The Art of War',
if you are waging war on someone only a fool
is stingy about paying for 'spies' (intelligence):
'Therefore I say: 'Know the enemy and yourself,
in a hundred battles you will never be in peril.
When you are ignorant of the enemy but know yourself,
your chances of winning or losing are equal.
If ignorant of your enemy and of yourself,
you are certain in every battle to be in peril.'
-- trans. by Brig. Gen. Samuel B. Griffith, USMC
Hopefully there's nothing new for the people on this mailing
list, and this is of help if there was.
You may now resume your normally scheduled program viewing. :-)
Regards,
Dallas E. Legan II / leganii@surfree.com / dallasii@kincyb.com
Powered by......Lynx, the Internet at hyperkinetic speed.
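Added example, not part of the post above: a small Python audit tool in the spirit of items 1) and 2). It parses the BER header of SNMPv1/v2c datagrams to pull out the community string, flags the well-known defaults ('public', 'private'), and flags SNMP on UDP 161/162 arriving from outside the local network, i.e. traffic the perimeter firewall should already have dropped. Function names, the DEFAULT_COMMUNITIES set, the 192.168.1.0/24 local range and the 203.0.113.x "outside" addresses are all assumptions of this example; the sample datagrams are constructed by the builder in the block.

```python
"""SNMP community-string and perimeter audit over captured UDP datagrams.

Example code written for this archive page; it is not from the post's author
or from CERT.  Records are (src_ip, dst_port, udp_payload) tuples as one might
pull from a packet capture.
"""
import ipaddress

# Vendor defaults to flag (assumption: extend with your own gear's defaults).
DEFAULT_COMMUNITIES = {"public", "private"}
SNMP_PORTS = {161, 162}


def _tlv(buf, pos):
    """Read one BER TLV at buf[pos]; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits say how many length bytes follow
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_snmp_header(payload):
    """Return (version, community) for an SNMP message.

    version is the wire value (0 = SNMPv1, 1 = SNMPv2c, 3 = SNMPv3).
    community is None for SNMPv3, which carries msgGlobalData instead.
    """
    tag, body, _ = _tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not SNMP: outer element is not a SEQUENCE")
    vtag, vbytes, pos = _tlv(body, 0)
    if vtag != 0x02:
        raise ValueError("not SNMP: version is not an INTEGER")
    version = int.from_bytes(vbytes, "big")
    ctag, cbytes, _ = _tlv(body, pos)
    if ctag != 0x04:
        return version, None
    return version, cbytes.decode("latin-1")


def _enc(tag, content):
    """BER-encode content under tag, using long-form length when needed."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def build_snmp_get(version, community, request_id=1):
    """Build a minimal GetRequest for sysDescr.0; used only to construct
    sample datagrams for the audit (constructed test data, not a capture)."""
    oid = _enc(0x06, bytes.fromhex("2b06010201010100"))  # 1.3.6.1.2.1.1.1.0
    varbind = _enc(0x30, oid + _enc(0x05, b""))           # value NULL
    pdu = _enc(0xA0, _enc(0x02, request_id.to_bytes(4, "big"))
               + _enc(0x02, b"\x00") + _enc(0x02, b"\x00")
               + _enc(0x30, varbind))
    return _enc(0x30, _enc(0x02, bytes([version]))
                + _enc(0x04, community.encode("latin-1")) + pdu)


def audit_datagram(src_ip, dst_port, payload, local_net):
    """Return a list of finding strings for one datagram (empty = clean)."""
    findings = []
    if dst_port in SNMP_PORTS and ipaddress.ip_address(src_ip) not in local_net:
        findings.append("snmp-from-outside-perimeter")  # firewall should drop this
    try:
        _version, community = parse_snmp_header(payload)
    except (ValueError, IndexError):
        findings.append("unparseable-snmp")
        return findings
    if community is not None and community.lower() in DEFAULT_COMMUNITIES:
        findings.append("default-community:%s" % community)
    return findings


def audit(records, local_cidr="192.168.1.0/24"):
    """Audit (src_ip, dst_port, payload) records; returns list of findings."""
    local_net = ipaddress.ip_network(local_cidr)
    return [audit_datagram(src, port, payload, local_net)
            for src, port, payload in records]


# Constructed sample capture: two inside hosts, two from an outside address.
SAMPLE_RECORDS = [
    ("192.168.1.20", 161, build_snmp_get(0, "public")),
    ("203.0.113.7", 161, build_snmp_get(1, "private")),
    ("192.168.1.20", 161, build_snmp_get(1, "monitoring-ro")),
    ("203.0.113.9", 162, b"\x00\x01"),  # not SNMP at all
]

if __name__ == "__main__":
    for (src, port, _), result in zip(SAMPLE_RECORDS, audit(SAMPLE_RECORDS)):
        print("%-14s udp/%d -> %s" % (src, port, result or "ok"))
```

Running this against a real capture means decoding the UDP payloads yourself; the parser only looks at the first two fields of the message, so it works the same for GetRequest, SetRequest and Trap PDUs and does not care what follows the community string.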