SNMP Vulnerability with master_peer

Similar Messages

• SNMP integration with ISE 1.2

  Hi Guys,
  Did anyone have a hard time integrating ISE 1.2 with SNMP server for polling system parameters? I'm trying to add ISE 1.2.1 to solarwinds SNMP server but when adding the required parameters like IP address and community string and doing an SNMP test connection it returns a failure message. SNMP configuration on ISE is quit simple. Only two commands are needed which are the SNMP server IP and community string values. Searching on the web, i saw a bug CSCun42967  that documents SNMP problems with ISE 1.2. Could that be the problem? or if there is any limitations for this integration?
  Thanks,
  Mohammad

  Here is the helpful link :
  https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_sw_cnfg.pdf

• SNMP Trap with Solaris 9

  Hello,
  I am looking for information on SNMP traps that can be generated by the SNMP installed with the OS.
  How can I configure them and what is available?
  I read the doc Solstice Enterprise Agents 1.0 User Guide but did not find anything to configure SNMP Traps.
  Or which MIB should I use to get an event log that will report problem?
  Any help would be great!
  Thanks

  Hi,
  Even im facing this issue, for latest solaris 10 patches also.
  Thanks,
  Srikanth.

• SNMP Vulnerability

  Reference Oracle Security Alert #30 Dated: 5 March , 2002. The security alert states that "Oracle has fixed the potential vulnerability identified above in patch/bug fix number 2224724. Patches will be available only for supported releases of EM and Oracle Database on all platforms that require a patch."
  Oracle 8.1x is identified as a vulnerable product. Is there a patch available for Oracle 8.16 running under Windows NT Server?

  Anyone know why I'd be getting this message when I try
  to install patch 106787-17 (snmp vulnerability)?
  Checking installed patches...
  One or more patch packages included in
  106787-17 are not installed on this system.
  I did a pkginfo -il on all the packages in the
  directory and they are (4 of them) installed.I had the same problems when I tried to install the patch on our E250's running 2.6 and 2.7,
  Solaris 8 was no problem. I cehcked (like you did) that I had indeed all the packages installed.
  I was however in the lucky situation that I could just disable SNMP as it was not doing anything useful...
  I think if you look in the patch that you could perhaps just replace the files manually and then restart the service. (I guess it's a good idea to try on only one host first;)
  Good luck,
  Thomas

• Vulnerability with ssh in OpenSSH in an RHEL installation

  There was a security analysis run on one server which has RHEL 5.8 installed and it is showing security vulnerabilities with respect to ssh in OpenSSH with reference no CVE-2007-4752. The vulnerability solution in the security report is showing solution as below:
  Download and apply the upgrade from: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH
  I went to this site but it is showing lots of files on this site and it is not clear which patch/file to execute.
  I hope my query is clear as to how to take care of this vulnerability with ssh in OpenSSH in an RHEL installation.
  Please revert with the reply to my query.
  Regards

  975148 wrote:
  Request people in this forum to please revert.
  Regards
  You posted that second comment a mere three hours after starting this thread.
  Your urgency is irrelevant.   This is a Community discussion forum.   People are NOT just sitting around waiting for you to ask questions.   At all times, half the globe is asleep when you post.
  Next,
  You once again posted your question to other online discussion forums and failed to have the courtesy to mention the fact to anyone.
  http://www.unix.com/red-hat/236667-vulnerability-ssh-openssh-rhel-installation.html
  You've been cautioned about that habit before.
  You have your answer in that other forum site.
  This thread is locked.

• Is SSH safer or more vulnerable with password auth?

  I've been having a fight with the university IT people about SSH being unsafe because of the possibility of a brute-force password attack. Of course (as I explain to them) there are myriad ways to thwart this, some of which I had already taken before the fight began (only allow a short time to connect successfully, for example). (Although, I haven't been able to figure out if SSH can simply decide to refuse a connection after a certain number of failed passwords, but that's another issue..). On the other hand, I have seen a few sites in my SSH googling that hint that the RSA key authentication is less secure than password authentication.
  So, my question I would like to submit for discussion is this: Is a passwordless RSA key authentication more or less secure than password authentication, and why? Or, if you would rather, under what circumstances are each method more vulnerable?

  I think it really depends on the attack vector you are looking at.
  Assuming mutually exclusive for the sake of this discussion (either key-based auth with password login disabled, or password login and key based auth disabled). A password-less ssh key is likely more vulnerable to an endpoint exploit -- as if an attacker has your sshkey without a password, he has access. Password-over-ssh is likely more vulnerable to a server-side exploit -- opens the password-guess vector, and if you aren't paying attention to the 'fingerprint doesn't match' message and someone hijacks your dns, you could attempt to login to a compromised system, thus giving away your password. Key-based auth would fail if they did not have your public key on the compromised server (you would still see the fingerprint difference message though).
  You can do things to increase the security of the above vectors, from using a passphrase on your ssh-key and using ssh-agent (so you only have to auth once per session and it simply 'unlocks' your key, and doesn't leave it laying around open)..to using something like knockd or fail2ban on the server side.
  Personally, I use a passphrase protected ssh key (along with ssh-agent), and disable interactive (password) authentication on my boxes anytime they are exposed to a public network (along with adding root to the denyusers ssh list).
  Last edited by cactus (2009-07-08 01:52:11)

• ISE - Unable to get SNMP information with the community

  this is the output on the switch when clicking on a switch interface in authentications monitoring in ise
  test2#sh snmpChassis: FOC1330W1K0112 SNMP packets input    0 Bad SNMP version errors    4 Unknown community name    0 Illegal operation for community name supplied    0 Encoding errors    44 Number of requested variables    0 Number of altered variables    44 Get-request PDUs    0 Get-next PDUs    0 Set-request PDUs    0 Input queue packet drops (Maximum queue size 1000)143 SNMP packets output    0 Too big errors (Maximum packet size 1500)    0 No such name errors    0 Bad values errors    0 General errors    108 Response PDUs    35 Trap PDUsSNMP global trap: enabledSNMP logging: enabled    Logging to xxx.xxx.yyy.5.162, 0/10, 7 sent, 0 dropped.   (admin/monitoring)SNMP agent enabled
  config of snmp:
  snmp-server community snmp-com.public RO 33access-list 3 permit xxx.xxx.kk.0 0.0.0.255access-list 3 permit xxx.xxx.zz.0 0.0.0.255access-list 3 permit xxx.xxx.yyy.0 0.0.0.255 (admin/monitoring)
  Unknown community name keeps rising when I click on the switch interface name in ise ... any suggestion ?
  Snmp is configured for the switch added to ise with the right community name (v2c - snmp-com.public )
  Ise ver 1.1.2.145
  thank you for your help

  thank you for your feedback and yes the acl in this situation is the only secure option
  once again... it's a shame that a security appliance forces you to use unsecure passwords and protocols..
  marking your answer as correct
  hopefully this thread will help others
  thank you again

• SNMP traps with WLC 4402

  Currently using WLC 4402 with about a dozen WAPs. I would like to start logging some messages to troubleshoot some association issues. The syslog does not seem adequate for this the issues I am having. I noticed the default SNMP traps but is only holds 255 traps. I have tried to setup an SNMP server to get the traps but I get no data, only OID values. I was successful in getting the MIBs for the OIDs but still not all the data that I see on the brief traps screen.

  Hi,
  I have tried it with solarwinds and works fine for me. Talking about the traps. But they are too many.
  The OID is : 1.3.6.1.4.1.14179.1.1.2.4.1.22
  snmp info for polling:
  MIB Value Type: Raw Value
  Format: None
  SNMP Get Type: Get Table
  Polling Type: node
  On WLC go to Managemnet (top TAB)
  Right hand select > SNMP > Traps Control.
  In this menu select what traps to need to be logged.
  These traps will be shows on the oid polled.

• SNMP implementation with EJB

  Hi,
  Can anyone help me in answering my below points with repect to SNMP and EJB communication arichecture.
  1) I needs to indicate clearly the EJB container containing the Fault Managment application in EJB application.
  2) The relationship of EJB Container and the EJB connecter
  3) The connector of EJB and its relationship to SNMP manager APIs
  4) The Manager APIs to SNMP agent.
  Then it should clearly say the scaling by saying that Fault Management application deployment on multiple servers the how the EJB container to SNMP agent are affected
  Please reply to these queries as soon as possible
  Thanks,

  Hi,
  About the develop question please post to the MSDN forum.
  MSDN forum Developer Network
  http://social.msdn.microsoft.com/Forums/en-US/home?forum=WAVirtualMachinesVirtualNetwork&filter=alltypes&sort=lastpostdesc
  Thanks for your understanding and support.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How do I restart the SNMP agents with the original command line options?

  I'm creating an application that changes the SNMP trap target configuration files and then restarts the SNMP agent. I'm currently working with the mibiisa agent. I want to make sure that I restart the service with the new trap targets but with the original command line options. How can I restart the mibiisa service with the same command line options that it originally loaded with?

  It is not "Network Time" that is the problem, but actually "SystemStarter." SystemStarter is an interim kludge to enable the work or the old StartupItems until they can be converted to LaunchDaemons or LaunchAgents controlled by launchd. Launcd calls SystemStarter to launch all the unconverted StartupItems. ntpd is now under the control of launchd directly.
  Launchctl is the command to load and unload the plist files, but I don't think it has a mechanism to restart a daemon.
  There are start and stop commands in launchctl, but the man page indicates that they are for debugging purposes.
  I also imagine you could just kill the ntp daemon and let it restart with new settings. It is most likely set to "keepAlive" so that it will automatically restart.

• SNMP issues with RV082

  Does anyone else poll this router with SNMP?
  We are using firmware version: 2.0.0.19-tz
  We are having problems with the traffic counters, some of them appear to be implemented as 16 bit counter instead of 32 bit counters. The reason this is causing problems is that they roll over (at 65,000) to 0 in less than our minute polling cycle, really skewing our metrics.
  The counter for the Lan (interface 2) seems to be functioning properly, however interfaces 3 and 4 (WAN and DMZ / WAN2) rollover at 65000.
  Tue May 11 08:38:31 EDT 2010
  IF-MIB::ifInOctets.1 = Counter32: 137634
  IF-MIB::ifInOctets.2 = Counter32: 1865677943
  IF-MIB::ifInOctets.3 = Counter32: 12450
  IF-MIB::ifInOctets.4 = Counter32: 49354
  Look at counter IF-MIB::ifInOctets.4 5 seconds later:
  Tue May 11 08:38:36 EDT 2010
  IF-MIB::ifInOctets.1 = Counter32: 137634
  IF-MIB::ifInOctets.2 = Counter32: 1865836207
  IF-MIB::ifInOctets.3 = Counter32: 13167
  IF-MIB::ifInOctets.4 = Counter32: 12900
  Any suggestions?
  Thanks!

  Looks like a bug.
  I'm using the same firmware, and the bug can be seen with one reading:
  $ snmpwalk -v 2c -c public 192.168.20.253
  IF-MIB::ifDescr.2 = STRING: ixp0
  IF-MIB::ifDescr.3 = STRING: ixp1
  IF-MIB::ifDescr.4 = STRING: ixp2
  IF-MIB::ifInOctets.2 = Counter32: 2882720251
  IF-MIB::ifInOctets.3 = Counter32: 59554
  IF-MIB::ifInOctets.4 = Counter32: 31339
  IF-MIB::ifInUcastPkts.2 = Counter32: 114769131
  IF-MIB::ifInUcastPkts.3 = Counter32: 4291658323
  IF-MIB::ifInUcastPkts.4 = Counter32: 4292343584
  The unicast packet counters seem correct, the LAN counters (both byte and packet) seem correct, but the WAN (both WAN1 & WAN2) byte counts are flawed, i.e. no relation to the packet counters.

• Possible security vulnerability with apex

  Hello experts,
  I developed an application based on apex 4.2.6.00.03.
  The application uses custom authentication.
  My workplace uses Acunetix Web Vulnerability Scanner. When I scanned my app through Acunetix , the scan report shows my login password in clear text.
  (When we run the scan, we provide login sequence to Acunetix by actually logging in to the application)
  The scan report shows results like this: (I have removed my login credentials here and modified numbers for p_arg_names)
  /apex/wwv_flow.accept
  p_arg_names=357038148338609&p_arg_names=357039161318613&p_flow_id=&p_flow_step_id=10
  1&p_instance=325240555604&p_md5_checksum=&p_page_checksum=2EB94E21D0F04502B99AFFF7
  FAFD&p_page_submission_id=108909717781&p_request=LOGIN&p_t01="my user name"&p_t02="my password in clear text"
  How can I prevent my password to be showing up as clear text? Or even better, remove password completely?
  Password item is of type "Password". I didn't change default attributes of this item.
  Please help! And let me know if you need any further information to debug the issue.
  Thanks,
  RN

  I had a brief look at;
  http://www.acunetix.com/blog/docs/scan-form-based-protected-area-using-acunetix-login-sequence-recorder/
  Assuming that is how you have provided the username and password then this is how the web scanner has obtained the password. This is not 'interception' of the SSL channel. In effect you have typed the username/password into the web scanner application and it is using it to logon to the application (and showing you in its logs). We use a variation of the same technique in our ApexSec security product to log into the APEX builder. So long as the web scanner uses SSL to then forward the credentials then there is minimal additional risk than using a normal browser.
  If your certificates are correct and signed and the SSL server does not support 'weak ciphers' plus a normal browser indicates there is nothing wrong with the secure connection then you are as protected as you can be from interception of an established connection.
  Weak ciphers are detailed here - I presume you have some form of support from Acunetix;
  https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening/
  SSL by default does not give you "endpoint" security, i.e. any entity that can establish a network connection to the SSL service can create an SSL channel and interact with the service, as I've mentioned this can be implemented via SSL with client side certificates.
  If the assumptions I have made are correct and the details you have provided are correct then it sounds like this is not an issue you need to be concerned about.
  Hope this helps.
  regards,

• SNMP Support with Oracle Agents, does somebody have experience

  Hy iam a student in Germany,
  I'am working with an Company in air traffic management
  and I'am searching for help with SNMP and Oracle 8i
  Does anybody have implemented the intelligent Agent in
  Oracles 8i to be managed with an HP Open View ore another
  NNM System?
  In my opinion Oracles Agent doesn't support SNMP Version 3
  des encryted neither AgentX requirements.
  Is this true?
  Is it possible to manage the DB with UCD-SNMP and embeddet SQL?
  If you answer to my or write an email I would be very happy.
  [email protected]

  i read a blog post that you can deploy patches via a Deployment Type for a Application. I configured a Deployment Type as Script Installer for my main Installation (the Main Application is already Deployed) and as the detection method i used "Fileversion".
  The Problem now is that i cannot see the Patch in the Software Center of the client PC. Anybody knows why? The Main Installation is located in the ccmcache of the Client PC but not that Patch... (MSP) The Patch is from our own Product.
  When i look into the AppDiscoveryLog with CMTrace i can see this:
      Performing detection of app deployment type application patch 123(ScopeId_F005A2B5-3FD9-4873-979E-1B406115BB16/DeploymentType_5f0d99c3-efec-4002-9101-be8ba59140d0, revision 10) for system.    AppDiscovery   
  14.11.2014 14:41:10    3360 (0x0D20)
  +++ Discovered application [AppDT Id: ScopeId_F005A2B5-3FD9-4873-979E-1B406115BB16/DeploymentType_5f0d99c3-efec-4002-9101-be8ba59140d0, Revision: 10]    AppDiscovery    14.11.2014 14:41:10    3360 (0x0D20)
  +++ Detected app deployment type application patch 123(ScopeId_F005A2B5-3FD9-4873-979E-1B406115BB16/DeploymentType_5f0d99c3-efec-4002-9101-be8ba59140d0, revision 10) for system.    AppDiscovery    14.11.2014 14:41:10   
  3360 (0x0D20)

• Weblogic SNMP Agent with WindowsNT SNMP Agent

  Can I setup Weblogic SNMP agent as a sub-agent to Windows NT SNMP agent (Microsoft's version)? According to documentation, sub-agents for Microsft's SNMP agent need to be implemented as 32-bit multithreaded DLLs using the Microsoft SNMP API. Does Weblogic have DLLs that we could use for this purpose?
  If that is not possible, is there a roadmap on how to provide the same support as the Microsoft's SNMP agent under Weblogic SNMP agent so that the Weblogic agent would provide the same visibility into the system that the Microsoft's agent does by default? Is this even possible?
  Thanks.

  "Sanjeev Mishra" <[email protected]> wrote:
  >
  Does anyone know how to make Microsoft's SNMP Master Agent run on a different port?
  I figured this out. It uses the 'snmp' setting from the services file. Just changing that works. Would have been more convenient if there was also a command line flag for that purpose.
  Thanks.
  "Sanjeev Chopra" <[email protected]> wrote:
  Sanjeev Mishra <[email protected]> wrote in message
  news:39fde7f2$[email protected]..
  Can I setup Weblogic SNMP agent as a sub-agent to Windows NT SNMP agent(Microsoft's version)? According to documentation, sub-agents for Microsft's
  SNMP agent need to be implemented as 32-bit multithreaded DLLs using the
  Microsoft SNMP API. Does Weblogic have DLLs that we could use for this
  purpose?
  No.
  However, you can have the WLS agent proxy for the NT agent. e.g. you can run
  the NT agent on a non-standard port and the WLS agent on 161 and then use
  '-otherAgents' option so that the WLS agent will forward any reqs for the NT
  agent MIB to that agent. In this setup the SNMP Manager can view that node
  as one SNMP entity which supports the WLS MIB + NT MIB
  See http://www.weblogic.com/docs51/admindocs/snmpagent.html#use_agent for
  details.
  If that is not possible, is there a roadmap on how to provide the samesupport as the Microsoft's SNMP agent under Weblogic SNMP agent so that the
  Weblogic agent would provide the same visibility into the system that the
  Microsoft's agent does by default? Is this even possible?
  Thanks.

• SNMP subagent with SMUX SNMP master agent

  I'm looking for the smux agent configuration for ucp-snmp to be able to use it as the master agent on a Linux/Solaris server. The subagent would be the LDAP instance snmp sub-agent. According to the documentation, if I have a master agent that I can't get rid of and is smux compliant, I can use it instead of the Netscape SNMP Master agent.
  Even by configuring the ucp-snmp master agent as per the Netscape Directory Server documentation, the subagent is not starting. I always get the following error: "Unexpected error" in the console 4.2 window.
  I'm using a Netscape Directory Server 4.16
  Can anybody help me on what should be the smux configuration and then how to start the LDAP instance subagent?

  Hi,
  Iplanet does not support for it's products being installed on linux or snmp for linux.