On Wed, May 5, 2010 at 11:02 PM, Robert Story <[email protected]> wrote:
> On Wed, 5 May 2010 19:12:40 +0530 Sudarshan wrote:
> SS> The nessus scan (http://www.nessus.org/nessus/) indicates SNMP agent is
> SS> vulnerable since community name can be easily guessed.
> SS> (http://www.nessus.org/plugins/index.php?view=single&id=10264)
> SS>
> SS> Hence I tried to change the default community name (from public) as below in
> SS> snmpd.conf and the above vulnerability is not reported.
> SS> com2sec notConfigUser default XYZ
>
> This helps against attackers guessing the community name, but anyone between
> your manager and your agent can still sniff traffic and see the community
> string in plain text.
>
> SS> Please suggest, if there is another way to resolve this issue:
>
> The best way is not to use SNMP versions 1 or 2c, and use SNMP version 3
> instead. It's a little more complicated to set up, of course, but it's more
> secure.
>

Robert,

Thanks very much for the explanation. Can you also let me know why the community
name change doesn't work for the ucd-snmp-4.2 version?
Essentially I am seeing that the below command succeeds for any community name.
Please suggest if I am missing something.

snmpwalk -v 1 -c whatever IP

Regards,
Pavan
------------------------------------------------------------------------------
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
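
Added example (not part of the original thread, and not Net-SNMP code): a small Python check that reads snmpd.conf text and flags each SNMPv1/v2c community mapping, such as the com2sec line quoted above, for the three issues raised in this thread: a guessable community name, acceptance from any source address, and cleartext transport. The GUESSABLE word list, the finding labels and the SAMPLE configuration are constructed for illustration.

```python
# Added example: audit snmpd.conf text for SNMPv1/v2c community mappings.
# Word list, finding labels and SAMPLE are constructed for illustration.
GUESSABLE = {"public", "private", "community", "snmp", "admin"}
COM2SEC = {"com2sec", "com2sec6"}
SHORTHAND = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

SAMPLE = """\
# constructed sample configuration
com2sec notConfigUser default public
com2sec notConfigUser default XYZ
com2sec mgmt 192.0.2.10 XYZ
rocommunity public
rouser monitor priv
"""

def community_entries(text):
    """Yield (line_no, source, community) for each v1/v2c community mapping."""
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not tok:
            continue
        directive, args = tok[0].lower(), tok[1:]
        if directive in COM2SEC:
            if args[:1] == ["-Cn"]:             # optional: com2sec -Cn CONTEXT ...
                args = args[2:]
            if len(args) >= 3:                  # SECNAME SOURCE COMMUNITY
                yield no, args[1], args[2]
        elif directive in SHORTHAND and args:
            # COMMUNITY [SOURCE ...]; a missing SOURCE means any address
            yield no, (args[1] if len(args) > 1 else "default"), args[0]

def audit(text):
    """Return (line_no, finding) pairs in file order."""
    findings = []
    for no, source, community in community_entries(text):
        if community.lower() in GUESSABLE:
            findings.append((no, "GUESSABLE"))   # what the Nessus plugin reports
        if source == "default":
            findings.append((no, "ANY_SOURCE"))  # accepted from any address
        # A renamed community is still sent unencrypted in v1/v2c packets.
        findings.append((no, "CLEARTEXT"))
    return findings

if __name__ == "__main__":
    for no, finding in audit(SAMPLE):
        print(f"line {no}: {finding}")
```

The renamed community XYZ clears the GUESSABLE finding but still carries CLEARTEXT, which is the point made in the quoted reply; the SNMPv3 rouser line produces no finding.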
