On Wed, 5 May 2010 19:12:40 +0530 Sudarshan wrote:

SS> The nessus scan (http://www.nessus.org/nessus/) indicates SNMP agent is
SS> vulnerable since community name can be easily guessed. (
SS> http://www.nessus.org/plugins/index.php?view=single&id=10264)
SS>
SS> Hence I tried to change the default community name (from public) as below in
SS> snmpd.conf and the above vulnerability is not reported.
SS> com2sec notConfigUser default XYZ

This helps against attackers guessing the community name, but anyone between your manager and your agent can still sniff traffic and see the community string in plain text.

SS> Please suggest, if there is another way to resolve this issue:

The best way is not to use SNMP versions 1 or 2c, and use SNMP version 3 instead. It's a little more complicated to set up, of course, but it's more secure.

_______________________________________________
Net-snmp-coders mailing list
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
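
An added example, not part of the original message or of Net-SNMP itself: a small audit that reads an snmpd.conf and flags the two issues raised in this thread, community strings (sent in clear text under SNMP v1/v2c, whatever their value) and SNMPv3 users whose minimum level does not require encryption. The sample configuration is constructed, the finding codes are hypothetical names, and only the common forms of `com2sec`, `rocommunity`/`rwcommunity` and `rouser`/`rwuser` are handled.

```python
# Constructed sample snmpd.conf; XYZ is the placeholder used in the thread.
SAMPLE_CONF = """\
# sec.name  source  community
com2sec notConfigUser default XYZ
rocommunity public 127.0.0.1
# SNMPv3 users
rouser monitor priv
rouser legacy auth
"""

# Directives that define a v1/v2c community string.
COMMUNITY_DIRECTIVES = {"com2sec", "com2sec6", "rocommunity", "rwcommunity",
                        "rocommunity6", "rwcommunity6"}
V3_USER_DIRECTIVES = {"rouser", "rwuser"}
GUESSABLE = {"public", "private"}  # well-known default community names


def audit_snmpd_conf(text):
    """Return a list of (line_number, finding_code) for an snmpd.conf body."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        directive, *args = stripped.split()
        if directive in COMMUNITY_DIRECTIVES and args:
            # com2sec NAME SOURCE COMMUNITY puts the community last;
            # rocommunity/rwcommunity COMMUNITY [SOURCE ...] puts it first.
            community = args[-1] if directive.startswith("com2sec") else args[0]
            # Any community string crosses the network unencrypted.
            findings.append((lineno, "cleartext-community"))
            if community.lower() in GUESSABLE:
                findings.append((lineno, "guessable-community"))
        elif directive in V3_USER_DIRECTIVES and args:
            if args[0] == "-s":          # skip optional "-s SECMODEL"
                args = args[2:]
            # With no level given, the minimum is auth (authNoPriv).
            level = args[1] if len(args) > 1 else "auth"
            if level != "priv":
                findings.append((lineno, "v3-no-privacy"))
    return findings


if __name__ == "__main__":
    for lineno, code in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {code}")
```

Renaming the community only clears the `guessable-community` finding; `cleartext-community` remains until the v1/v2c directives are removed in favour of v3 users at the `priv` level.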
