From owner-freebsd-security Tue Jul 14 06:33:06 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA02855 for freebsd-security-outgoing; Tue, 14 Jul 1998 06:33:06 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from dworkin.amber.org (petrilli@dworkin.amber.org [209.31.146.74]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA02850 for ; Tue, 14 Jul 1998 06:33:03 -0700 (PDT) (envelope-from petrilli@dworkin.amber.org) Received: from localhost (petrilli@localhost) by dworkin.amber.org (8.9.0/8.9.0) with SMTP id JAA22596; Tue, 14 Jul 1998 09:32:54 -0400 (EDT) Date: Tue, 14 Jul 1998 09:32:53 -0400 (EDT) From: "Christopher G. Petrilli" To: Espen Torseth cc: freebsd-security@FreeBSD.ORG Subject: RE: Large-scale scan of SNMP ports In-Reply-To: <81A91106E131D111BA8500608C23A6620CDFF8@nt1gj.da.posten.no> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 14 Jul 1998, Espen Torseth wrote: > There is the possibility that someone has started "auto-discovery" in > HP-OpenView, > CA UniCenter, etc. and given the wrong net-adress/subnet-mask. This has > happend > before, and will happen again... Also, last time I used HPOV, by default it scanned 0.0.0.0/0, meaning EVERYTHING in the world. I know this because *I* accidentally did this... fortuately it was behind a firewall :-) But this can be a common problem, what I would recommend is that unless there's some reason, you should block all SNMP traffic at your router, in BOTH directions (to prevent yourself from succumbing to potential problems). Chris -- | Christopher Petrilli | petrilli@amber.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message