Date: Wed, 23 Jul 1997 12:59:48 -0600 (MDT) From: John-David Childs <jdc@denver.net> To: Khetan Gajjar <khetan@iafrica.com> Cc: questions@FreeBSD.ORG Subject: Re: UCD-SNMPd Message-ID: <Pine.BSI.3.95.970723125655.10559H-100000@milehigh.denver.net> In-Reply-To: <Pine.BSF.3.95q.970723203556.10072d-100000@chain-gateway.iafrica.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 23 Jul 1997, Khetan Gajjar wrote: > On Tue, 22 Jul 1997, John-David Childs wrote: > > >It's wide open in the sense that if you're using SNMPv1 to monitor/query > >devices outside your local LAN control, your SNMP packets could be sniffed. > >A modicum of security is provided by having different read and write > >community strings. You could also use access lists/filters to control > >packet source/destination. Of course, neither of these is foolproof. > > I'd like to remove the default public group, and basically only > allow acccess from a couple of hosts. How do I do this ? This is vendor dependent (i.e. read the documentation for the equipment in question) and not really apropos to freebsd-questions. But as an example, you would do something like this for a Livingston Portmaster: set snmp on set readcommunity MyReadCommunityString add snmphost reader W.X.Y.Z -- > > Khetan Gajjar | khetan@iafrica.com (@ work) > chain.iafrica.com/~khetan/ | khetan@os.org.za (@ play) > PGP : finger khetan@chain.iafrica.com | FreeBSD site - www.freebsd.os.org.za > UUNET Internet Africa Support | 0800-030-002 & help@iafrica.com -- John-David Childs (JC612) @denver.net/Internet-Coach System Administrator Enterprise Internet Solutions & Network Engineer 901 E 17th Ave, Denver 80218 Death is God's way of telling you not to be such a wise guy.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.95.970723125655.10559H-100000>