hello, especially to the following bods gary love, sergio gelato, janathon burelbach, jay lessert, chris cariffe, kent perrier, lonnie ratcliff, steff watkins, moti levy, thomas anders and hm guyen.

my original posting:

snmpdx errors in the /var/adm/messages:

May 9 23:17:17 sol8 snmpdx: [ID 683728 daemon.error] community_check() : bad community from xxx.xxx.xxx.xxx
May 9 23:17:17 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed for a pdu received from xxx.xxx.xxx.xxx.xxxx
May 9 23:17:17 sol8 snmpdx: [ID 683728 daemon.error] community_check() : bad community from xxx.xxx.xxx.xxx
May 9 23:17:17 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed for a pdu received from xxx.xxx.xxx.xxx.xxxx
May 9 23:17:31 sol8 snmpdx: [ID 683728 daemon.error] community_check() : bad community from xxx.xxx.xxx.xxx
May 9 23:17:31 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed for a pdu received from xxx.xxx.xxx.xxx.xxxx
May 9 23:17:31 sol8 snmpdx: [ID 683728 daemon.error] community_check() : bad community from xxx.xxx.xxx.xxx
May 9 23:17:31 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed for a pdu received from xxx.xxx.xxx.xxx.xxxx
May 9 23:17:41 sol8 snmpdx: [ID 683728 daemon.error] community_check() : bad community from xxx.xxx.xxx.xxx
May 9 23:17:41 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed for a pdu received from xxx.xxx.xxx.xxx.xxxx
May 9 23:17:45 sol8 snmpdx: [ID 683728 daemon.error] community_check() : bad community from xxx.xxx.xxx.xxx
May 9 23:17:45 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed for a pdu received from xxx.xxx.xxx.xxx.xxxx
May 9 23:17:45 sol8 snmpdx: [ID 683728 daemon.error] community_check() : bad community from xxx.xxx.xxx.xxx
May 9 23:17:45 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed for a pdu received from xxx.xxx.xxx.xxx.xxxx

is this solved with a patch or is it a setup problem - if so anyone seen it?

ANSWERS:

some people suggested some form of unauthorised system access, and almost everybody said that if you don't need snmp, DISABLE IT. someone described it as 'pain and anguish'; i was also passed these links which i would urge you to peep at:

http://www.securityfocus.com/frames/?content=/vdb/%3Fid%3D2417 - if you like security focus pages
http://www.kb.cert.org/vuls/id/648304 - if you like seeing cert pages

(the above are the same snmp vulnerability).

Jonathon sent me this:

"It is normal for snmpdx to go defunct if it is queried with an incorrect community name. You can prevent this from happening by adding -f 0, at the end of snmpdx startup command

/usr/lib/snmp/snmpdx -y -c /etc/snmp/conf -f 0

This message " Mar 13 23:20:57 aquarius.cit.nih.gov snmpdx: [ID 872610 daemon.error] error while receiving a pdu from citemma1.cit.nih.gov.3981: The message has a wrong version (1)", indicated that the snmpdx process received a SNMPv2 request. Currently snmpdx only SNMPv1 requests."

and this is where i rest: we had some software which wasn't configured properly. thankfully no snmpXdmid root shell attempts.

ta
mark

Received on Mon May 14 08:48:47 2001
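
An added example, not part of the original post or of any Sun tooling: a small Python parser that tallies the snmpdx rejections quoted above per source and per kind (bad community, wrong SNMP version), so a misconfigured poller shows up by its count and its regular interval. The sample log lines, the addresses in them and the year parameter are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the /var/adm/messages format quoted in the post.
# 192.0.2.10 and 198.51.100.7 are documentation addresses, not real sources.
SAMPLE = """\
May  9 23:17:17 sol8 snmpdx: [ID 683728 daemon.error] community_check() : bad community from 192.0.2.10
May  9 23:17:17 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed for a pdu received from 192.0.2.10.40112
May  9 23:17:31 sol8 snmpdx: [ID 683728 daemon.error] community_check() : bad community from 192.0.2.10
May  9 23:17:31 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed for a pdu received from 192.0.2.10.40113
May  9 23:17:45 sol8 snmpdx: [ID 683728 daemon.error] community_check() : bad community from 192.0.2.10
May  9 23:17:45 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed for a pdu received from 192.0.2.10.40114
May  9 23:18:02 sol8 snmpdx: [ID 872610 daemon.error] error while receiving a pdu from 198.51.100.7.3981: The message has a wrong version (1)
"""

# Syslog prefix: timestamp, host, "snmpdx:", "[ID n facility.level]", message.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ snmpdx: \[ID \d+ \S+\] (.*)$")
# The paired session_open() line is deliberately not counted: it repeats the
# same rejected request with the sender's UDP port appended.
PATTERNS = {
    "bad_community": re.compile(r"community_check\(\) : bad community from (\S+)$"),
    "wrong_version": re.compile(r"pdu from (\S+)\.\d+: The message has a wrong version"),
}

def report(text, year=2001):
    """Rejected SNMP requests per (source, kind), busiest first; year is an assumption."""
    seen = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an snmpdx entry
        stamp, msg = m.groups()
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        for kind, pat in PATTERNS.items():
            hit = pat.search(msg)
            if hit:
                seen[(hit.group(1), kind)].append(when)
    rows = []
    for (src, kind), times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        rows.append({"source": src, "kind": kind, "count": len(times), "gaps_s": gaps})
    return sorted(rows, key=lambda r: -r["count"])

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

A single source with evenly spaced gaps is the first thing to check against the list of management stations that are supposed to poll the host.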