[mrtg] Re: mrtg of Cisco routers via Internet fails

Radick, Don (IHG) Tue, 11 May 2004 15:15:53 %z (MEST)

don't do this.
SNMP V1 (which is what MRTG / Perl uses) is insecure - 
if you can run SNMP (v1) to your Internet routers, then anyone
else can also, and Cisco SNMP has vulnerabilities.
(A cracker can get control of your router pretty easily)


ADVICE: you MUST run SNMP v3 for security, but MRTG / Perl 
does not support this:

>>MRTG does not support SNMP V3 because the perl module that Simon Leinen
>>wrote does not yet support SNMP V3.

>>There are plans to do this, but if you'd like to help I'm sure Simon would
>>appreciate it.
>>http://www.switch.ch/misc/leinen/snmp/perl/ 


hope this helps,
Don 


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 11, 2004 8:11 AM
To: [EMAIL PROTECTED]
Subject: [mrtg] mrtg of Cisco routers via Internet fails






Hi,

I monitor my network (cisco routers) with MRTG and it workes really
great...

But I have a problem with monitoring routers via Internet.

I have several Internet connection. Some or completely separated from our
main network.

So to monitor these routers, i have to go thru a firewall, on the internet,
to the other router.
(mrtg server --> firewall --> INTERNET --> router)

I always get the same error:
--base: Get Device Info on [EMAIL PROTECTED]:
SNMP Error:
no response received
SNMPv1_Session (remote host: "210.88.234.215" [210.88.234.215].161)
                  community: ""xxx"
                 request ID: -1222128975
                PDU bufsize: 8000 bytes
                    timeout: 2s
                    retries: 5
                    backoff: 1)
 at /usr/local/mrtg-2/bin/../lib/mrtg2/SNMP_util.pm line 570
SNMPWALK Problem for 1.3.6.1.2.1.1 on [EMAIL PROTECTED]
 at /usr/local/mrtg-2/bin/cfgmaker line 709


If a try a snmpget i get also "Timeout, no response from ..."

Now, I'm sure that the snmp settings on the router are correct. The router
is configured the same way as all my other routers.
The firewall settings are also correct. I get no deny's in the logs.

I've also tried changing the packetsize of the snmp-packets send by the
router, but it doesn't help....

Anybody any idea ?


thx,
tom

--
Unsubscribe mailto:[EMAIL PROTECTED]
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

--
Unsubscribe mailto:[EMAIL PROTECTED]
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

[mrtg] Re: mrtg of Cisco routers via Internet fails

Reply via email to