On Fri, 2005-12-09 at 07:40 -0800, Wes Hardaker wrote:
> traphandles are used to trigger external processes....
> if someone can trigger a ton of them it'll increase the
> DoS possibilities
DoS is an obvious possibility, I grant you.
But is there any real difference between bombarding
the target system with:
> snmptrap -v 2c -c IAMEvil ...
and bombarding it with
snmptrap -v 2c -c public ...
?
> I'm expecting the type of code put into traphandles are quick scripts
> that aren't crafted from a security point of view where any old packet
> can trigger it.
But I still can't grasp how this could result in the target system
being "taken over" (as opposed to being driven into the ground).
Maybe this is a matter of differences in security terminology,
but I'd see "taking over" a system as being the ability to run
arbitrary or unexpected commands - rather than a DoS attack.
> Authenticated and authorized packets are much more
> likely to conform to the processing rules the script will expect.
Don't authenticated requests inherently require explicit configuration
anyway (in order to set up the relevant users)? As far as
"disableAuthorization" is concerned, it can only ever be relevant
to unauthenticated requests, IIUK.
Dave
_______________________________________________
Net-snmp-coders mailing list
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
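
The concern quoted in the message above, that traphandle scripts are often quick scripts reachable by any packet, is illustrated by the following added example (not code from the thread or from Net-SNMP). It parses the stdin that snmptrapd passes to a traphandle program (hostname, transport address, then one "OID value" line per varbind) as untrusted input; the size caps, the `notify-oncall` path and the sample lines are assumptions constructed for illustration.

```python
import re
import sys

MAX_VARBINDS = 64    # assumed cap: bounds the work one packet can cause
MAX_FIELD_LEN = 256  # assumed cap on hostname, address and each value
OID_RE = re.compile(
    r"\.?\d+(\.\d+)*|[A-Za-z][\w-]*(::[A-Za-z][\w-]*)?(\.\d+)*", re.ASCII)
PRINTABLE_RE = re.compile(r"[\x20-\x7e]*")  # no control characters or newlines

def parse_trap(lines):
    """Parse traphandle stdin: hostname, transport address, then 'OID value' lines."""
    lines = [line.rstrip("\n") for line in lines]
    if len(lines) < 2:
        raise ValueError("truncated input")
    if len(lines) - 2 > MAX_VARBINDS:
        raise ValueError("too many varbinds")
    varbinds = []
    for line in lines[2:]:
        oid, _, value = line.partition(" ")
        if not OID_RE.fullmatch(oid):
            raise ValueError("malformed OID")
        varbinds.append((oid, value))
    for field in lines[:2] + [value for _, value in varbinds]:
        if len(field) > MAX_FIELD_LEN or not PRINTABLE_RE.fullmatch(field):
            raise ValueError("oversized or non-printable field")
    return {"host": lines[0], "addr": lines[1], "varbinds": varbinds}

def build_argv(trap, program="/usr/local/bin/notify-oncall"):  # hypothetical path
    """Each value becomes its own argv entry; nothing is pasted into a shell string."""
    argv = [program, "--host", trap["host"]]
    for oid, value in trap["varbinds"]:
        argv += ["--varbind", f"{oid}={value}"]
    return argv

# Constructed sample input, including a value carrying shell metacharacters.
SAMPLE = [
    "sensor1.example.net\n",
    "UDP: [192.0.2.10]:46321->[192.0.2.1]:162\n",
    "DISMAN-EVENT-MIB::sysUpTimeInstance 0:0:16:40.00\n",
    "SNMPv2-MIB::snmpTrapOID.0 IF-MIB::linkDown\n",
    "SNMPv2-MIB::sysLocation.0 rack 4; $(id)\n",
]

if __name__ == "__main__":
    print(build_argv(parse_trap(sys.stdin.readlines())))
```

The resulting list is meant to be handed to `subprocess.run(argv)` without `shell=True`, so the metacharacters in the last sample value stay literal text.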