Gert Doering via cisco-nsp writes:
> Hi,
>
> On Mon, Sep 19, 2022 at 03:47:09PM +0300, Hank Nussbacher via cisco-nsp wrote:
>> On 19/09/2022 15:40, Gert Doering wrote:
> https://www.cisco.com/c/dam/en/us/support/docs/csa/cisco-sa-20010227-ios-snmp-ilmi.html
> [..]
>> > That said, I tried to reproduce it on our boxes, and neither the ASR920
>> > nor the lone ASR1000 responds to SNMP v1 or v2c queries with community
>> > "ILMI", with nothing in the config to block it (same source host can
>> > query with one of the configured SNMP communities). This is on IOS XE
>> > 16.6.10 and 15.5(3)S10 respectively. Seems you need something extra.
>>
>> It is V3. Here is a Shodan snippet from one of dozens of alerts we get
>> per day:
>
> Good to know. Looking at shodan, I see that both types of devices here
> are listed as well (ewww!).
>
> So, need to figure out what the magic -v3 incantation of snmpget is
> to make this work... (every time I tried v3 so far has led to
> "more grey hair").

Yeah, I'd like to reproduce/understand that too.

I actually remember both ILMI (in ATM, sigh) and SNMPv3. One of SNMPv3's distinguishing features is that it DOESN'T use community strings anymore. So I'm a bit confused as to what the problem is.

Is there some implicit mapping from SNMPv1/2c communities to SNMPv3 usernames/passwords? Or are the Shodan reports referring to information leaks from SNMPv3 engine-ID discovery? (e.g. CSCtw74132)

Cheers,
--
Simon.