On Fri, Oct 19, 2001 at 05:04:20PM -0400, peff-loganalat_private wrote:
>
> On Fri, 19 Oct 2001, Matthew G. Marsh wrote:
>
> > structure methodology. To that end I am also a big promoter/user of SNMP.
> > We make extensive use of SNMPv3 in many of our managed security
> > structures. This is the framework behind the following technique:
>
> I haven't used SNMP in years...what defenses does v3 provide against
> spoofing? Assuming that strong cryptographic authentication could be
> used, then this sounds like a great idea for doing central system
> management.

SNMPv3 provides authentication of sender[1] and integrity checks
via MD5 and SHA, 3DES encryption, and a "valid time window" to avoid
replay attacks. The big problem is that there is still a _lot_ of stuff
out there that doesn't talk v3, especially in the world of network
management software, which often necessitates rolling one's own solutions
if one cares about security.

> > You have to crack one of these systems within 5 minutes in such a manner
> > as to change the OOB logging, AND disable the SNMP trapping mechanism, AND
> > disable the host IDS mechanism, AND finally make sure that you send back
> > appropriately spoofed hashes.
>
> This would be a perfect scenario for a ``hacking'' scene from a
> Hollywood film. :)

It would, of course, be easy if the protagonist was using a Mac
laptop, which would mean that they would be running an app with a big
"BYPASS SECURITY" button that would stop the giant countdown timer at 0:01
and save the day. :)

-- Sweth.

[1] Technically, authentication of the user on whose behalf the message
was sent.

--
Sweth Chandramouli ; <svcat_private>
President, Idiopathic Systems Consulting
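Added example, not part of the original message or of any SNMP implementation: a sketch of the receiver-side checks behind the authentication and "valid time window" mentioned above, following the RFC 3414 User-based Security Model (password-to-key localization, HMAC truncated to 96 bits, 150-second window). The function names are hypothetical, and the message is treated as opaque bytes with its 12-byte authentication field already zeroed rather than as a real BER-encoded SNMPv3 packet.

```python
import hashlib
import hmac

TIME_WINDOW = 150          # seconds, the RFC 3414 time window
MAX_BOOTS = 2147483647     # an engine at this boot count rejects everything


def password_to_key(password: bytes, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """RFC 3414 A.2: hash 1 MiB of repeated password, then localize to one engine."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(hash_name, password * reps + password[:rem]).digest()
    # Localizing binds the key to a single engine ID, so a key recovered
    # from one agent does not authenticate to any other agent.
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def auth_params(kul: bytes, msg_zeroed: bytes, hash_name: str = "md5") -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: HMAC over the whole message, first 12 bytes."""
    return hmac.new(kul, msg_zeroed, hash_name).digest()[:12]


def in_time_window(msg_boots: int, msg_time: int, local_boots: int, local_time: int) -> bool:
    """Timeliness check as performed by the authoritative engine."""
    if local_boots == MAX_BOOTS or msg_boots != local_boots:
        return False
    return abs(msg_time - local_time) <= TIME_WINDOW


def verify(kul, msg_zeroed, received_mac, msg_boots, msg_time, local_boots, local_time):
    """Return 'ok', 'wrongDigest' or 'notInTimeWindow' for a received message."""
    # Authentication comes first: boots/time are only trusted once the
    # digest covering them has been verified.
    expected = auth_params(kul, msg_zeroed)
    if not hmac.compare_digest(expected, received_mac):
        return "wrongDigest"
    if not in_time_window(msg_boots, msg_time, local_boots, local_time):
        return "notInTimeWindow"
    return "ok"


if __name__ == "__main__":
    engine = bytes.fromhex("000000000000000000000002")   # engine ID from RFC 3414 A.3
    key = password_to_key(b"maplesyrup", engine)          # password from RFC 3414 A.3
    msg = b"boots=7;time=1000;pdu=linkDown;auth=" + bytes(12)  # constructed sample
    mac = auth_params(key, msg)
    print(verify(key, msg, mac, 7, 1000, 7, 1100))   # fresh message
    print(verify(key, msg, mac, 7, 1000, 7, 1151))   # same bytes replayed too late
```
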
This archive was generated by hypermail 2b30 : Sat Oct 20 2001 - 09:21:30 PDT