[c-nsp] snmp access list
Phil Mayers
p.mayers at imperial.ac.uk
Sun May 4 08:01:10 EDT 2008
Андрей Сластенов wrote:
>
> SNMP use udp. So, someone (if know community of course) may spoof IP source
> address of SNMP request.
Lots of networks can (should) have spoofing be impossible. That attack
would not work on our network for example.
It's a problem for the DFZ though.
<rant>
It's worth pointing out that SNMP can run over TCP. IOS doesn't support
it of course, because Cisco seem happy to let management fester. I guess
the rationale is "everyone copies IOS, it must be good".
The IOS CLI is a hacked-up copy of "ex":
http://connection.netcordia.com/blogs/terrys_blog/archive/2007/10/28/the-history-of-the-cisco-cli.aspx
...and here we are >15 years later, with no real improvements beyond
aliases and TCL.
Bah. I want my junoscript (and no, I don't rate netconf)
</rant>
More information about the cisco-nsp
mailing list