From owner-freebsd-questions Tue Jul 22 15:03:47 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id PAA02018 for questions-outgoing; Tue, 22 Jul 1997 15:03:47 -0700 (PDT) Received: from milehigh.denver.net (milehigh.denver.net [204.144.180.2]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA02011 for ; Tue, 22 Jul 1997 15:03:42 -0700 (PDT) Received: from localhost (jdc@localhost) by milehigh.denver.net (8.8.5/8.8.5) with SMTP id QAA20886; Tue, 22 Jul 1997 16:07:34 -0600 (MDT) Date: Tue, 22 Jul 1997 16:07:34 -0600 (MDT) From: John-David Childs To: Khetan Gajjar cc: questions@FreeBSD.ORG Subject: Re: UCD-SNMPd In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Tue, 22 Jul 1997, Khetan Gajjar wrote: > Hi. > > I've just installed ucd-snmp, and am using it in conjunction with mrtg > to graph system bandwidth (as described in a earlier thread). I'm > curious as to how to "secure" the snmpd, because as I understand it, > right now it's wide open. > It's wide open in the sense that if you're using SNMPv1 to monitor/query devices outside your local LAN control, your SNMP packets could be sniffed. A modicum of security is provided by having different read and write community strings. You could also use access lists/filters to control packet source/destination. Of course, neither of these is foolproof. SNMPvSEC is supposed to provide encryption of the community-strings (and possibly the SNMP packet itself), but I haven't done enough homework to speak authoritatively on the subject. -- John-David Childs (JC612) @denver.net/Internet-Coach System Administrator Enterprise Internet Solutions & Network Engineer 901 E 17th Ave, Denver 80218 Westheimer's Discovery: A couple of months in the laboratory can frequently save a couple of hours in the library.