Hallo Jesper,
The SNMP uses comunities to identify the user and is not well suited to
unauthorised access to firewall information. Any leakage of information
concerning the firewall as configuration, traffic monitoring etc should be
considered to be exposures. Therefore, the SNMP is completely unacceptable
as firewall monitoring tool. You don�t need to configure the firewall via
the SNMP, the firewall is already compromised by the SNMP due to evident
leaks of cleartext information while communicating with a SNMP client. So do
not even think a though about using the SNMP as a firewall monitoring tool.
This is not serious and I hope that no one will deliver firewall
software/hardware with such exposures of information!
Regards,
Axel
-----Original Message-----
From: Jesper Wall [mailto:[EMAIL PROTECTED]]
Sent: den 5 september 2000 13:40
To: Firewalls (E-mail)
Subject: SNMP on firewalls
Hi!
Is it a stupid thing to use SNMP in read only mode on a firewall?
I have a feeling that SNMP can be compromised, even if you run it in read
only mode. Or?
/Jesper
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
