P.S. Don't set your router and Openview communities to the
same values.
Gary Flynn wrote:
>
> married wrote:
> >
> > First time question to the list. Hopefully it is clear. If more info is required,
>let me know.
> >
> > A cisco rouer managed by an HP OpenView box gets compromised. The person who
>compromised the router now has the RO and RW community string of the OpenView box.
>Can the OV box now be compromised from the Cisco router? Can any information be
>gleaned now from the OV box about the networks it manages...?
>
> I'm not sure. Take a look at the Openview MIBS. I remember some counters
> for the event queue. Also take a look at the host MIB which also
> probably exists on your Openview platform. At the very least,
> it would provide things like your disk architecture, active users,
> and running processes.
>
> Depending upon your platform, you may be able to set configuration files
> so only authorized hosts are allowed SNMP access (assuming you need external
> SNMP access to your management station). If you don't need SNMP
> access to your management station, turn the service off. For management
> purposes, you should only need to accept SNMP traps and perform
> SNMP queries. I can't think of a reason for an external box performing
> SNMP queries on the management station except for another management
> station :)
>
> Gary Flynn
> Security Engineer (former network manager)
> James Madison University
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
