[Dshield] Any reaonable way to measure connectivity speed?....

Dave Brookshire dsb at rlx.com
Wed Mar 31 18:50:28 GMT 2004


It amazes me that, even today, people are still putting devices with default community names.  /me shakes head.

IMHO, SNMP is ok for external, as long as you use some form of access control to limit the availabilty of the service to a select few hosts that you do monitoring from.

-db

-----Original Message-----
From: Peter Stendahl-Juvonen [mailto:peter.stendahl-juvonen at welho.com]
Sent: Wednesday, March 31, 2004 7:17 AM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] Any reaonable way to measure connectivity
speed?....



list-bounces at dshield.org <mailto:list-bounces at dshield.org> wrote on
Wednesday, March 31, 2004 2:40 PM UTC+3 on behalf of Jon R. Kibler

| Maarten wrote:
|| 
|| I have found a great utility to do something like this. It is called
|| prtg and comes from paessler.com. It reads via SNMP the bytes
|| send/received and calculated the bandwith used. Works on any
|| available SNMP machine (routers, switches, servers etc.) 
|| 
| SNMP Security is an oxymoron. NEVER use SNMP on ANY device that is
| accessible by the Internet. Our policy is no SNMP nowhere, nohow,
| noway!  
| 
| If you are using SNMP you might as well hand any script kiddie a list
| of passwords to the administrator accounts to all of your systems.
| Well, maybe it isn't quite THAT bad, but its close.  


Jon et al.

Agreed, especially IF forgetting to change the default Community names,
which act as passwords for contacting the service remotely.

(The read-only community name is often by default "Public" and the
read-write "Private". These are common knowledge and it is essential to
change them to something not known and hard to crack BEFORE taking the
service into use.)

If there is a good reason for using and running the service, I recommend
using long enough (preferably maximum length) community names and
following the same principles in choosing community names as for setting
'secure' passwords.

It might also be preferable to turn off the response service for the
SNMP service. That way a possible abuser will not see whether the SNMP
service is running or not. 


- Pete


               "Three may keep a secret, if two of them are dead." 
Benjamin Franklin (1706-1790); US author, inventor, physicist &
politician.


_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list