Hi there,
I just tested it on the Nokia with a different community string and
nothing happens, it does not seem to affect it, just as well, I guess. A
little broken is still broken though :)
bobby:~$ snmpwalk -p 260 -v 1 nokia pubic
Timeout: No Response from nokia
bobby:~$ snmpwalk -p 260 -v 1 nokia public
system.sysDescr.0 = i386 FreeBSD 2.1.5. Check Point FireWall-1 Version
4.0
system.sysObjectID.0 = OID: enterprises.2620.1.1
Timeout: No Response from nokia
bobby:~$
Take care,
Xander
"Aylton Souza,CISSP" wrote:
>
> Olaf,
>
> Could you please confirm if this happens even if you do not rely on the
> correct snmp community string?
>
> BTW, this is one more argument to block snmp (AKA Security Not My
> Problem)....
>
> Best wishes
>
> Aylton
<snip snip>
</snip snip>
> >I've just cross checked against 4.1 Build 41603 [VPN + DES + STRONG]
> >on Solaris 7. Instead of crashing like on your Nokia box the snmpd
> >on the Sun goes to 100% cpu utilisation. However, the result is the
> >same: snmpd doesn't answer snmp request any longer and you've to kill
> >this beast manually if you don't want your firewall to run with 100%
> >cpu load forever.
> >
> >Maybe it would be a great idea if all CP r&d folks wasting their time
> >writing license verification code would join the bugfix team ;-)
> >
> >Olaf
--
eval "perl -e 'printf(\"%s\", pack \"H*\",
\"436f6d706574612049542042560\
9097c0958616e64657240436f6d706574612e636f6d0a0909097c0958616e64657240536\
f6c646161742e636f6d0a74656c3a2030362d323239392035393330097c0958616e64657\
25340696e65742e6b706e2e636f6d0a\")'"
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
