From owner-freebsd-questions Wed Jul 23 11:55:15 1997
Return-Path:
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id LAA06849
          for questions-outgoing; Wed, 23 Jul 1997 11:55:15 -0700 (PDT)
Received: from milehigh.denver.net (milehigh.denver.net [204.144.180.2])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA06841
          for ; Wed, 23 Jul 1997 11:55:12 -0700 (PDT)
Received: from localhost (jdc@localhost)
          by milehigh.denver.net (8.8.5/8.8.5) with SMTP id MAA12407;
          Wed, 23 Jul 1997 12:59:48 -0600 (MDT)
Date: Wed, 23 Jul 1997 12:59:48 -0600 (MDT)
From: John-David Childs
To: Khetan Gajjar
cc: questions@FreeBSD.ORG
Subject: Re: UCD-SNMPd
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 23 Jul 1997, Khetan Gajjar wrote:

> On Tue, 22 Jul 1997, John-David Childs wrote:
>
> >It's wide open in the sense that if you're using SNMPv1 to monitor/query
> >devices outside your local LAN control, your SNMP packets could be sniffed.
> >A modicum of security is provided by having different read and write
> >community strings. You could also use access lists/filters to control
> >packet source/destination. Of course, neither of these is foolproof.
>
> I'd like to remove the default public group, and basically only
> allow access from a couple of hosts. How do I do this?

This is vendor dependent (i.e. read the documentation for the equipment in
question) and not really apropos to freebsd-questions. But as an example,
you would do something like this for a Livingston Portmaster:

    set snmp on
    set readcommunity MyReadCommunityString
    add snmphost reader W.X.Y.Z

--
>
> Khetan Gajjar                         | khetan@iafrica.com (@ work)
> chain.iafrica.com/~khetan/            | khetan@os.org.za (@ play)
> PGP : finger khetan@chain.iafrica.com | FreeBSD site - www.freebsd.os.org.za
> UUNET Internet Africa Support         | 0800-030-002 & help@iafrica.com

--
John-David Childs (JC612)    @denver.net/Internet-Coach
System Administrator         Enterprise Internet Solutions
  & Network Engineer         901 E 17th Ave, Denver 80218
Death is God's way of telling you not to be such a wise guy.
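
A check for the restriction asked about above (no default `public` community, access only from a few listed hosts), as an added example that is not part of the original message. It assumes the agent reads `rocommunity`/`rwcommunity`/`com2sec` lines in the Net-SNMP (successor to UCD-SNMP) `snmpd.conf` syntax; the sample file, its addresses and the finding names are constructed for illustration.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}   # well-known default strings
ANY_SOURCE = {"default", "0.0.0.0/0"}         # tokens that match every host

def community_entries(conf_text):
    """Yield (lineno, directive, community, source) for each access directive."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)   # drops '#' comments
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive in ("rocommunity", "rwcommunity") and args:
            # rocommunity COMMUNITY [SOURCE [OID]]; an omitted SOURCE means any host
            yield lineno, directive, args[0], args[1] if len(args) > 1 else "default"
        elif directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) >= 3:
                yield lineno, directive, args[2], args[1]

def audit(conf_text, allowed_sources):
    """Return sorted (lineno, finding) pairs for risky community definitions."""
    entries = list(community_entries(conf_text))
    read_strings = {c for _, d, c, _ in entries if d == "rocommunity"}
    findings = []
    for lineno, directive, community, source in entries:
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, "default-community"))
        if source in ANY_SOURCE:
            findings.append((lineno, "any-source"))
        elif source not in allowed_sources:
            findings.append((lineno, "unlisted-source"))
        if directive == "rwcommunity" and community in read_strings:
            findings.append((lineno, "write-string-same-as-read"))
    return sorted(findings)

# Constructed sample configuration; addresses are documentation-range placeholders.
SAMPLE = """\
# constructed sample, not from the original message
rocommunity public
rocommunity MyReadCommunityString 192.0.2.10
rwcommunity MyReadCommunityString 192.0.2.99
com2sec readonly default public
com2sec -Cn ctx1 monitor 192.0.2.11 MyReadCommunityString
"""

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE, {"192.0.2.10", "192.0.2.11"}):
        print(f"line {lineno}: {finding}")
```

An empty result means every community definition uses a non-default string and a source on the allow list.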