>>>>> On Fri, 09 Dec 2005 15:59:46 +0000, Dave Shield <[EMAIL PROTECTED]> said:
Dave> But is there any real difference between bombarding Dave> the target system with: >> snmptrap -v 2c -c IAMEvil ... Dave> and bombarding it with Dave> snmptrap -v 2c -c public ... Dave> ? Not when you accept everything, which is why accepting everything is evil! >> I'm expecting the type of code put into traphandles are quick scripts >> that aren't crafted from a security point of view where any old packet >> can trigger it. Dave> But I still can't grasp how this could result in the target system Dave> being "taken over" (as opposed to being driven into the ground). Dave> Maybe this is a matter of differences in security terminology, Dave> but I'd see "taking over" a system as being the ability to run Dave> arbitrary or unexpected commands - rather than a DoS attack. I'd expect scripts that some script that are poorly written would allow an attacker to execute arbitrary commands. I can't give you a concrete example, because I don't have one because I'm rather particular about how I write scripts that accept arbitrary input (but I'm very aware I make mistakes too and thus would still not likely to accept unauthorized traps). >> Authenticated and authorized packets are much more >> likely to conform to the processing rules the script will expect. Dave> Don't authenticated requests inherently require explicit configuration Dave> anyway (in order to set up the relevant users)? Not if it's community based. SNMPv1/v2c communities is a form of authentication. Pitiful authentication, but authentication none the less. -- Wes Hardaker Sparta, Inc. ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Net-snmp-coders mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
