married wrote:
>
> First time question to the list. Hopefully it is clear. If more info is required,
>let me know.
>
> A cisco rouer managed by an HP OpenView box gets compromised. The person who
>compromised the router now has the RO and RW community string of the OpenView box.
>Can the OV box now be compromised from the Cisco router? Can any information be
>gleaned now from the OV box about the networks it manages...?
I'm not sure. Take a look at the Openview MIBS. I remember some counters
for the event queue. Also take a look at the host MIB which also
probably exists on your Openview platform. At the very least,
it would provide things like your disk architecture, active users,
and running processes.
Depending upon your platform, you may be able to set configuration files
so only authorized hosts are allowed SNMP access (assuming you need external
SNMP access to your management station). If you don't need SNMP
access to your management station, turn the service off. For management
purposes, you should only need to accept SNMP traps and perform
SNMP queries. I can't think of a reason for an external box performing
SNMP queries on the management station except for another management
station :)
Gary Flynn
Security Engineer (former network manager)
James Madison University
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
