Re: COPS vs. SNMP
Hi all,
On Monday 25 February 2002 19.31, Durham, David wrote:
> I'm interested in what the industry adoption of SNMPConf is/will be.
As co-chair of SNMPCONF, so am I :-)
> Particularly given that CERT is already advising that administrators TURN
> SNMP OFF! Eg. SNMP is currently undergoing a maelstrom of CERT advisories
> and other bad press due to its
> troubling susceptibilities.
I'm very surprised that you would use FUD as a tool for pushing
COPS-PR. Whether you like SNMP or not, using buffer overflow
problems in (some) SNMP agent implementations to do so seems
pretty ridiculous.
To set the record straight:
- CERT didn't say anything about the SNMP protocol
That being said, there is NO ONE who thinks that SNMPv1 or
SNMPv2c is secure. The SNMP community is/has been pushing
SNMPv3, which is on the brink of being Standard.
- What CERT _did_ issue was an advisory about various security
vulnerabilities in some SNMP implementations. These
vulnerabilities were brought to light by a group of
researchers in Finland who created a set of test tools which
send pretty whacked-out SNMP packets. In some cases, the
agents went belly-up when they got the packets. In some
cases, there is a risk that the agent will scribble on memory
that it shouldn't. Read the advisory (see below).
There's no one saying that this is not a problem, but it's
nothing more than Yet Another Buffer Overflow security
problem.
To the best of my knowledge, no one's launched such a set
of tests against the COPS implementations. Are you saying
that if some of these implementations go belly-up and have
buffer overflow problems that this will mean that COPS is an
inappropriate technology for configuration?
> Now just imagine allowing people to actually
> download viruses and worms via SNMPConf PM MIB's Scripts.
Pardon me, but where in the heck did that come from? Assuming
secure authentication using SNMPv3 (which everyone is), in what
way do you mean that SNMPCONF would be enabling the spread of
viruses and worms?
> http://www.internetwk.com/story/INW20020213S0002
This, and many other articles in the press, just don't Get It.
They say "vulnerabilities that have been discovered in the
Simple Network Management Protocol (SNMP)", which is just wrong.
May I suggest that those who want to understand
should look at the CERT advisory instead of reading
incorrect interpretations by the press. The advisory is at
http://www.cert.org/advisories/CA-2002-03.html and plainly says,
"Multiple Vulnerabilities in Many Implementations of the Simple
Network Management Protocol (SNMP)". It says absolutely nothing
about "vulnerabilities ... in SNMP". You'll also note that it
specifically talks about SNMPv1.
Now, back to your favorite "my protocol is prettier than your
protocol" discussion.
Cheers,
dlp
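
The distinction drawn in the message above, between a flaw in an agent's packet decoding and a flaw in the SNMP protocol, is visible in a decoder that checks every declared length against the bytes actually received. This is an added example, not part of the original message and not code from any SNMP agent; the function names and both sample datagrams are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample datagrams (SNMPv1 header only, PDU omitted). */
static const uint8_t GOOD[] = {0x30,0x0b, 0x02,0x01,0x00, 0x04,0x06,'p','u','b','l','i','c'};
/* Same layout, but the community length field claims 0xffffffff bytes. */
static const uint8_t BAD[]  = {0x30,0x0b, 0x02,0x01,0x00, 0x04,0x84,0xff,0xff,0xff,0xff,'A','A'};

/* Read one BER tag+length header at *pos (invariant: *pos <= len).
 * Returns 0 on success, -1 if the header or its value would run past len. */
static int ber_header(const uint8_t *buf, size_t len, size_t *pos,
                      uint8_t *tag, size_t *vlen)
{
    if (len - *pos < 2) return -1;             /* need tag + first length byte */
    *tag = buf[(*pos)++];
    uint8_t b = buf[(*pos)++];
    size_t n = b;
    if (b & 0x80) {                            /* long form: low 7 bits = byte count */
        size_t nbytes = b & 0x7f;
        if (nbytes == 0 || nbytes > 4 || nbytes > len - *pos) return -1;
        for (n = 0; nbytes--; ) n = (n << 8) | buf[(*pos)++];
    }
    if (n > len - *pos) return -1;             /* declared length exceeds received data */
    *vlen = n;
    return 0;
}

/* Copy the community string into out (NUL-terminated).
 * Returns its length, or -1 if the packet is malformed or does not fit. */
int snmp_community(const uint8_t *pkt, size_t len, char *out, size_t outsz)
{
    size_t pos = 0, vlen; uint8_t tag;
    if (ber_header(pkt, len, &pos, &tag, &vlen) || tag != 0x30) return -1; /* SEQUENCE */
    len = pos + vlen;                          /* never read outside the SEQUENCE */
    if (ber_header(pkt, len, &pos, &tag, &vlen) || tag != 0x02) return -1; /* version */
    pos += vlen;
    if (ber_header(pkt, len, &pos, &tag, &vlen) || tag != 0x04) return -1; /* community */
    if (vlen >= outsz) return -1;              /* would overflow the caller's buffer */
    memcpy(out, pkt + pos, vlen);
    out[vlen] = '\0';
    return (int)vlen;
}

int main(void)
{
    char out[16];
    printf("good: %d\n", snmp_community(GOOD, sizeof GOOD, out, sizeof out));
    printf("bad:  %d\n", snmp_community(BAD, sizeof BAD, out, sizeof out));
    return 0;
}
```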