Kudos to Wes. He put this well.
SNMPv1 and SNMPv2c were not designed with
security in mind (obviously, with a plain-text
community string in every packet). The community
string is used to identify in which context
management data is to be returned.
There is a long and sad history about what
happened with attempts to secure SNMPv2. In
the long run, it just didn't happen.
SNMPv3, now, is another story. There have been
concerns that its current privacy model (DES)
is insufficient, but there have been no
concerns expressed (that I am aware of) about
its authentication model.
Re:Bogus release number for SNMP Research? on Security Hole In SNMP · Score: 2, Informative
Sure, I've a clue.
15.2.1.7 is a release that shipped for nearly
a year on some operating systems up to October
of 2001. We started shipping 15.3 in July, and
15.3.1.7 is the release that has changes
addressing the OUSPG-related issues, which started
shipping in October.
The 15.3.1.7/15.2.1.7 release number similarity
is an unfortunate accident - had I thought
about it we might have done it differently.