OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: snmp problems still alive...
From: Damir Rajnovic (drajnoviCISCO.COM)
Date: Tue Mar 14 2000 - 01:26:42 CST

Hello Monti,

At 22:49 13/03/2000 -0600, monti wrote:
>Correct me if I'm wrong... but my impression was that a community
>string was *always* required for snmp to work on IOS. That is, *if* you

I can not comment on this since I am not an expert in SNMP but I will
raise this question with our people who are experts.

>The problem I've seen is that things like 'setup' and other front-ends
>have been known to create a default of 'public'/'private' (not to mention
>network administrators have come to belive that this is just a matter of
>convention and mimic it, although I dont know if Cisco can be blamed for
>that).

Hey! Thank's for that! It is nice when you are not guilty!

>If anyone knows of an equivalent to 'no snmp-server' for PIX, please
>share! I'm unaware of a way to completely disable snmp, and have
>had to live with simply assigning very very long random strings for the
>community in many implementations.

I do not know how to disable it completely but I will add this to
my list of things to do. While on the subject, I am collecting things
for which we need to have on/off switches (like 'no snmp-server')
so if you people from the list do have any wishes in that respect
send them to me. However, I will reject mails like 'we want all' so
please try to be specific and be aware that I will ask for reasons
why.

Cheers,

Gaus
==============
Damir Rajnovic <psirtcisco.com>, PSIRT Incident Manager, Cisco Systems
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
Phone: +44 7715 546 033
4 The Square, Stockley Park, Uxbridge, MIDDLESEX UB11 1BN, GB
==============
There is no insolvable problems. Question remains: can you
accept the solution?