[unisog] Cisco switch monitoring without SNMP

Mark Boolootian booloo at ucsc.edu
Tue Oct 17 16:34:46 GMT 2006


> Replacing "old" equipment may be quite expensive.  I would feel quite  
> uncomfortable using only source IP filtering and a community string  
> that could be sniffed for anything but a temporary or stop-gap  
> solution.  Once it gets sniffed or guessed it's game over.

If you're talking about a read-write community string, I'd agree. 
However, I don't think the same can be said for a read-only community 
string.  Source IP filtering is quite effective when used with a read-only
community string.  It means that only the permitted systems/subnets will 
be able to reap SNMP data, even in the face of a miscreant discovering the 
read-only string.  
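As an added example (not part of the original post), the following Python sketch audits a switch configuration for the setup described above: read-only communities bound to a source ACL. The configuration excerpt, community names and addresses are constructed, and the parser assumes numbered standard ACLs and the common `snmp-server community <string> [view <name>] [RO|RW] [<acl>]` form only.

```python
import re

# Constructed running-config excerpt (sample data, not from the original post).
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.10
access-list 10 deny   any log
access-list 20 permit any
snmp-server community EXAMPLE-RO-1 RO 10
snmp-server community EXAMPLE-RO-2 RO
snmp-server community EXAMPLE-RO-3 RO 20
snmp-server community EXAMPLE-RO-4 RO 30
snmp-server community EXAMPLE-RW-1 RW 10
"""

COMMUNITY = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?\s*$", re.I)
ACL = re.compile(r"^access-list (\d+) (permit|deny)\s+(.+)$", re.I)

def audit_snmp(config):
    """Return {community: [findings]}; an empty list means RO with a restrictive ACL."""
    acls = {}
    for line in config.splitlines():
        m = ACL.match(line.strip())
        if m:  # record (action, first source token) per numbered ACL
            entry = (m.group(2).lower(), m.group(3).split()[0].lower())
            acls.setdefault(m.group(1), []).append(entry)
    report = {}
    for line in config.splitlines():
        m = COMMUNITY.match(line.strip())
        if not m:
            continue
        # IOS treats a community with no RO/RW keyword as read-only.
        name, mode, acl = m.group(1), (m.group(2) or "RO").upper(), m.group(3)
        findings = []
        if mode == "RW":
            findings.append("read-write community")
        if acl is None:
            findings.append("no source ACL")
        elif acl not in acls:
            findings.append("ACL %s not defined" % acl)
        elif ("permit", "any") in acls[acl]:
            findings.append("ACL %s permits any source" % acl)
        report[name] = findings
    return report

if __name__ == "__main__":
    for community, findings in audit_snmp(SAMPLE_CONFIG).items():
        print(community, "->", findings or "ok")
```
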



