Hi Vivi, I have removed the generation of the authenticationFailure trap in SNMP4J-Agent 1.3.1 to be more robust against DoS attacks. There is no benefit from having generated these traps.
Regards, Frank Vivi Zhang wrote: > Frank: > > The email was send Oct 28. I have not seen reply yet. Guess it got > lost. Let me try it again. > > I am trying to verify that SNMP4J will send out an authentication > failure notification when it receives an query with bad user name, or > bad password. Is there a way to verify the notification works with > SNMP4j test agent? > > I found a thread of conversation between you and Marek on: > http://fixunix.com/snmp/64320-wrong-authorization-alarm-trap-usm.html./ > "Indeed, AGENT++ did not generate authenticationFailure notifications > on usmWrongDigest and usmNotInTimeWindow failures. I have fixed that bug > and you can download the new version > <http://fixunix.com/#> from http://www.agentpp.com"; > <http://www.agentpp.com>/ > > I am using AgenPro 2.7.2, SNMP4J is version 1.9.3c, and SNMP4JAgent is > version 1.2.1d. Does this version contain your fix? Or this version > contains this bug? Is there any option I can choose during code > generation phase to make authentication failure notification? > > Could you explain which error codes will trigger the notification? > > Thanks for your help in advance. > > Vivi > > Vivi Zhang wrote: >> Frank: >> >> I wonder how to make a notification recipient receive an >> authenticationFailure notification when an agent received an query >> with bad user name or bad password. When agent receives a v2 query >> with bad community string, the api SNMPv2Mib:: incrementCounter() >> calls notify api and send out notifications. But when the agent >> receives a v3 query with bad username, no notification is send out. >> >> I am using : SNMP4J is version 1.9.3c, and SNMP4JAgent is version 1.2.1d. >> >> This is second question. According to CHANGES.txt on snmp4j site: >> >> [2009-07-30] v1.3.1 (Requires SNMP4J v1.10.1) >> .... >> * Improved: Authentication failure traps are no longer >> sent on usmNotInTimeWindow and usmUnknownEngineID >> reports. >> >> I am wondering why? If a user has a bad username, would that cause >> usmNotInTimeWindow error since the second part of discovery requires >> user credential? >> >> Thanks. >> >> Vivi >> >> >> > -- AGENT++ http://www.agentpp.com http://www.snmp4j.com http://www.mibexplorer.com http://www.mibdesigner.com _______________________________________________ SNMP4J mailing list [email protected] http://lists.agentpp.org/mailman/listinfo/snmp4j
