From: lee.e.rian at census.gov (lee.e.rian@...sus.gov)
Subject: on topic - cisco snmp

If you follow Cisco's suggested work-around for "SNMP causes high CPU
utilization", you might be exposing the write community string.

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00800948e6.shtml
has the following instructions:

   To avoid performance issues, force the router to prematurely end queries
   for the route table from the network management system server. Configure
   the router to respond with a complete message as soon as it receives the
   start of a request for the route table, as follows:
   snmp-server view cutdown internet included
   snmp-server view cutdown ipRouteTable excluded
   snmp-server view cutdown ipNetToMediaTable excluded
   snmp-server view cutdown at excluded
   snmp-server community public view cutdown RO
   snmp-server community private view cutdown RW

The problem is that the View-based Access Control MIB is now included in
the read-only view:
snmpwalk -c public -v 2c c800 vacmAccessWriteViewName
.iso.org.dod.internet.snmpV2.snmpModules.snmpVacmMIB.vacmMIBObjects.vacmAccessTable.vacmAccessEntry.vacmAccessWriteViewName."public"."".1.noAuthNoPriv =
.iso.org.dod.internet.snmpV2.snmpModules.snmpVacmMIB.vacmMIBObjects.vacmAccessTable.vacmAccessEntry.vacmAccessWriteViewName."public"."".2.noAuthNoPriv =
.iso.org.dod.internet.snmpV2.snmpModules.snmpVacmMIB.vacmMIBObjects.vacmAccessTable.vacmAccessEntry.vacmAccessWriteViewName."private"."".1.noAuthNoPriv = cutdown
.iso.org.dod.internet.snmpV2.snmpModules.snmpVacmMIB.vacmMIBObjects.vacmAccessTable.vacmAccessEntry.vacmAccessWriteViewName."private"."".2.noAuthNoPriv = cutdown

The fix is to remove the VACM MIB from the view by adding
snmp-server view cutdown internet.6.3.16 excluded

c800#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
c800(config)#snmp-server view cutdown internet.6.3.16 excluded
c800(config)#end
c800#

snmpwalk -c public -v 2c c800 vacmAccessWriteViewName
.iso.org.dod.internet.snmpV2.snmpModules.snmpVacmMIB.vacmMIBObjects.vacmAccessTable.vacmAccessEntry.vacmAccessWriteViewName = No more variables left in this MIB View


Lee
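As an added example that is not part of Lee's post: a small audit helper that evaluates Cisco-style "snmp-server view" lines the way an SNMP agent does (RFC 3415 view families, most specific subtree wins, masks ignored) and reports whether a view still exposes the VACM objects. The numeric OIDs for the symbolic names are assumed from the standard MIBs; the config text is constructed from the tech note quoted above.

```python
import re

# Assumed OIDs for the names used in the post (SNMPv2-SMI, RFC1213-MIB,
# SNMP-VIEW-BASED-ACM-MIB).
NAMES = {
    "internet": "1.3.6.1",
    "at": "1.3.6.1.2.1.3",
    "ipRouteTable": "1.3.6.1.2.1.4.21",
    "ipNetToMediaTable": "1.3.6.1.2.1.4.22",
    "snmpVacmMIB": "1.3.6.1.6.3.16",
    "vacmAccessWriteViewName": "1.3.6.1.6.3.16.1.4.1.6",
}

# Constructed config: the four view lines from the Cisco tech note.
CISCO_CUTDOWN = """snmp-server view cutdown internet included
snmp-server view cutdown ipRouteTable excluded
snmp-server view cutdown ipNetToMediaTable excluded
snmp-server view cutdown at excluded
"""
VACM_FIX = "snmp-server view cutdown internet.6.3.16 excluded\n"

VIEW_RE = re.compile(r"^\s*snmp-server view (\S+) (\S+) (included|excluded)\s*$")

def to_oid(text):
    """Turn 'internet.6.3.16', 'ipRouteTable' or '1.3.6.1' into a tuple of ints."""
    head, _, tail = text.partition(".")
    head = NAMES.get(head, head)          # symbolic prefix -> numeric
    full = head + ("." + tail if tail else "")
    return tuple(int(p) for p in full.split("."))

def parse_views(config):
    """Map view name -> list of (subtree OID tuple, included?)."""
    views = {}
    for line in config.splitlines():
        m = VIEW_RE.match(line)
        if m:
            name, subtree, kind = m.groups()
            views.setdefault(name, []).append((to_oid(subtree), kind == "included"))
    return views

def in_view(entries, oid):
    """RFC 3415 rule: the longest subtree that is a prefix of oid decides."""
    best = None
    for subtree, included in entries:
        if oid[:len(subtree)] == subtree and (best is None or len(subtree) > len(best[0])):
            best = (subtree, included)
    return bool(best and best[1])

def exposed(config, view, names=("snmpVacmMIB", "vacmAccessWriteViewName")):
    """Return the sensitive objects a reader of `view` can still walk."""
    entries = parse_views(config).get(view, [])
    return [n for n in names if in_view(entries, to_oid(n))]
```

Run `exposed(CISCO_CUTDOWN, "cutdown")` to see both VACM names listed; appending `VACM_FIX` to the config empties the list.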
