Re: [squid-users] SNMP vulnerabilities?

From: Brian E. Seppanen <[email protected]>
Date: Wed, 13 Feb 2002 12:00:44 -0500 (EST)

On Tue, 12 Feb 2002, Adrian Chadd wrote:

> On Wed, Feb 13, 2002, Roy Duncan wrote:
> >
> > Greetings,
> >
> > In the light of recent security issues with SNMP implementations
> > (e.g. http://www.cert.org/advisories/CA-2002-03.html),
> > can anyone advise as to whether squid's SNMP code is vulnerable
> > to these sorts of DoS attacks?
> >
>
> We're working through them right now, and will publish patches
> and updated distributions when they are available.
>
> For now, please follow the general suggestion which has been to
> disable SNMP if possible, or heavily filter SNMP in your network
> if its not possible.

I would assume that a proper acl in the config would minimize the possible
exposures to any vulnerability. Preventing someone from spoofing the
packets is another issue entirely.

acl mysnmp 192.168.1.0/32
acl snmpublic snmp_community mycommunity
snmp_port 3401
snmp_access allow snmppublic mysnmp
snmp_access deny all

Of course changing the port to something non-standard minimizes the
impact as well.

Hope that helps.

Brian Seppanen
seppy@chartermi.net
906-228-4226 ext 23
Area 54: The Secret Government Disco Labs in Provo Utah
Received on Wed Feb 13 2002 - 10:00:46 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:21 MST