[c-nsp] Automatic SNMP trap generation
Bruce Pinsky
bep at whack.org
Wed Apr 26 11:09:52 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sam Stickland wrote:
> Hi Gert,
>
>> -----Original Message-----
>> From: Gert Doering [mailto:gert at greenie.muc.de]
>> Sent: 26 April 2006 10:30
>> To: Sam Stickland
>> Cc: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] Automatic SNMP trap generation
>>
>> Hi,
>>
>> On Wed, Apr 26, 2006 at 09:57:16AM +0100, Sam Stickland wrote:
>>> We need to run through our NMS and check that every device is correctly
>>> sending traps (and that the traps actually reach the NMS). Is there any
>> way,
>>> perhaps using the SNMP r/w community, to get a Cisco device to generate
>> a
>>> test (or unimportant) trap?
>> prod it with a non-valid SNMP communities to trigger alerts?
>>
>> (I know that these are logged via syslog, but I'm not sure whether it
>> will cause SNMP traps)
>
> Checked this out and SNMP trapped are generated on invalid SNMP communities,
> so firing off a bunch of snmpgets with bogus community strings we can test
> this.
>
But of course by doing this you expose the correct community string since
it is sent as part of the trap generated for the invalid community string.
In general, this is a bad idea.
- --
=========
bep
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFET41AE1XcgMgrtyYRAumoAKC6mRLrxY6Y6H/oszqFC9YeuOIoWgCdHiDD
mXj+eM4z0DSPYJw9s/r/YTc=
=pWrg
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list