On Fri, 19 Oct 2001, Matthew G. Marsh wrote:

> structure methodology. To that end I am also a big promoter/user of SNMP.
> We make extensive use of SNMPv3 in many of our managed security
> structures. This is the framework behind the following technique:

I haven't used SNMP in years...what defenses does v3 provide against spoofing? Assuming that strong cryptographic authentication could be used, then this sounds like a great idea for doing central system management. I suppose you could also just do cryptographic signing at the layer above SNMP.

I assume you're also working on some sort of timeout at the central server...that is, if you don't receive a hash in N seconds, an alarm is tripped.

> You have to crack one of these systems within 5 minutes in such a manner
> as to change the OOB logging, AND disable the SNMP trapping mechanism, AND
> disable the host IDS mechanism, AND finally make sure that you send back
> appropriately spoofed hashes.

This would be a perfect scenario for a ``hacking'' scene from a Hollywood film. :)

> Nothing is perfect but experience teaches that several short barbed wire
> fences separated by moats is much much better than one large fence...

Agreed.

-Jeff
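An added example, not part of the original message: a sketch of the central-server check discussed above, with each hash report authenticated by an HMAC at a layer above the transport and an alarm for any host silent longer than N seconds. The class name, message layout, keys and the sequence-number replay check are assumptions made for illustration.

```python
import hashlib
import hmac


class HashWatch:
    """Central-server side: authenticate periodic hash reports, flag silence."""

    def __init__(self, keys, timeout, start):
        self.keys = keys                        # host -> shared secret (bytes)
        self.timeout = timeout                  # the "N seconds" from the message
        self.last_ok = {h: start for h in keys} # time of last accepted report
        self.last_seq = {}                      # highest sequence number accepted

    @staticmethod
    def tag(key, host, seq, digest):
        # Sign host, sequence number and reported hash together.
        msg = f"{host}|{seq}|{digest}".encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def receive(self, host, seq, digest, tag, now):
        key = self.keys.get(host)
        if key is None:
            return "unknown-host"
        if not hmac.compare_digest(self.tag(key, host, seq, digest), tag):
            return "bad-signature"              # forged report: timer keeps running
        if seq <= self.last_seq.get(host, -1):
            return "replay"                     # old signed report sent again
        self.last_seq[host] = seq
        self.last_ok[host] = now
        return "ok"

    def overdue(self, now):
        # Hosts with no accepted report inside the timeout window.
        return sorted(h for h in self.keys if now - self.last_ok[h] > self.timeout)


def demo():
    # Constructed keys and log contents; times are seconds since monitor start.
    keys = {"fw1": b"constructed-key-fw1", "fw2": b"constructed-key-fw2"}
    watch = HashWatch(keys, timeout=300, start=0)
    digest = hashlib.sha256(b"constructed log contents").hexdigest()
    good = HashWatch.tag(keys["fw1"], "fw1", 1, digest)
    results = [
        watch.receive("fw1", 1, digest, good, now=60),
        watch.receive("fw2", 1, digest, "0" * 64, now=60),  # forged tag
        watch.receive("fw1", 1, digest, good, now=120),      # replayed report
    ]
    return results, watch.overdue(now=301), watch.overdue(now=361)


if __name__ == "__main__":
    print(demo())
```

Rejected reports never reset a host's timer, so a sender without the key ends up tripping the same alarm as a silent host.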