SUMMARY: snmpdx

From: Mark Lewis <Mark.Lewis_at_Kinetech.net>
Date: Mon May 14 2001 - 03:48:47 EDT
hello, especially to the following bods

gary love, sergio gelato, janathon burelbach, jay lessert, chris cariffe,
kent perrier, lonnie ratcliff, steff watkins, moti levy, thomas anders and
hm guyen.

my original posting:

snmpdx errors in the /var/adm/messages:

May  9 23:17:17 sol8 snmpdx: [ID 683728 daemon.error] community_check() :
bad community from xxx.xxx.xxx.xxx
May  9 23:17:17 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed
for a pdu received from xxx.xxx.xxx.xxx.xxxx
May  9 23:17:17 sol8 snmpdx: [ID 683728 daemon.error] community_check() :
bad community from xxx.xxx.xxx.xxx
May  9 23:17:17 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed
for a pdu received from xxx.xxx.xxx.xxx.xxxx
May  9 23:17:31 sol8 snmpdx: [ID 683728 daemon.error] community_check() :
bad community from xxx.xxx.xxx.xxx
May  9 23:17:31 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed
for a pdu received from xxx.xxx.xxx.xxx.xxxx
May  9 23:17:31 sol8 snmpdx: [ID 683728 daemon.error] community_check() :
bad community from xxx.xxx.xxx.xxx
May  9 23:17:31 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed
for a pdu received from xxx.xxx.xxx.xxx.xxxx
May  9 23:17:41 sol8 snmpdx: [ID 683728 daemon.error] community_check() :
bad community from xxx.xxx.xxx.xxx
May  9 23:17:41 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed
for a pdu received from xxx.xxx.xxx.xxx.xxxx
May  9 23:17:45 sol8 snmpdx: [ID 683728 daemon.error] community_check() :
bad community from xxx.xxx.xxx.xxx
May  9 23:17:45 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed
for a pdu received from xxx.xxx.xxx.xxx.xxxx
May  9 23:17:45 sol8 snmpdx: [ID 683728 daemon.error] community_check() :
bad community from xxx.xxx.xxx.xxx
May  9 23:17:45 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed
for a pdu received from xxx.xxx.xxx.xxx.xxxx

is this solved with a patch or is it a setup problem - if so anyone seen it?


ANSWERS:

some people suggested some form of unauthorised system access, and almost
everybody said that if you don't need snmp, DISABLE IT.
someone described it as 'pain and anguish'; i was also passed these links
which i would urge you to peep at:
http://www.securityfocus.com/frames/?content=/vdb/%3Fid%3D2417 - if you like
security focus pages
http://www.kb.cert.org/vuls/id/648304 - if you like seeing cert pages
(the above are the same snmp vulnerability).

Jonathon sent me this:

 "It is normal for snmpdx to go defunct if it is queried with an incorrect
  community name.  You can prevent this from happening by adding -f 0, at the
  end of snmpdx startup command

   /usr/lib/snmp/snmpdx -y -c /etc/snmp/conf -f 0

  This message "  Mar 13 23:20:57 aquarius.cit.nih.gov snmpdx: [ID 872610
  daemon.error] error while receiving a pdu from citemma1.cit.nih.gov.3981:
  The message has a wrong version (1)", indicated that the snmpdx process
  received a SNMPv2 request. Currently snmpdx only supports SNMPv1 requests."

and this is where i rest:  we had some software which wasn't configured
properly.  thankfully no snmpXdmid root shell attempts.

ta
mark


Received on Mon May 14 08:48:47 2001
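
Added example, not part of the original post: a small Python triage of the "community_check() : bad community" entries quoted above, re-joining wrapped lines, grouping rejections by source and flagging bursts. The sample log, the addresses, the year, the threshold and the window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog layout quoted in the post (addresses are
# documentation-range placeholders); the first entry is wrapped as in the archive.
SAMPLE = """\
May  9 23:17:17 sol8 snmpdx: [ID 683728 daemon.error] community_check() :
bad community from 192.0.2.10
May  9 23:17:17 sol8 snmpdx: [ID 227867 daemon.error] session_open() failed for a pdu received from 192.0.2.10.40112
May  9 23:17:31 sol8 snmpdx: [ID 683728 daemon.error] community_check() : bad community from 192.0.2.10
May  9 23:17:41 sol8 snmpdx: [ID 683728 daemon.error] community_check() : bad community from 192.0.2.10
May  9 23:40:02 sol8 snmpdx: [ID 683728 daemon.error] community_check() : bad community from 198.51.100.7
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
BAD = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ snmpdx: \[ID \d+ \S+\] "
                 r"community_check\(\) : bad community from (\S+)$")

def unwrap(text):
    """Re-join continuation lines: anything not starting with a timestamp."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def bad_community_sources(text, year=2001):
    """Map source address -> sorted timestamps of rejected community strings."""
    hits = defaultdict(list)
    for entry in unwrap(text):
        m = BAD.match(entry)
        if m:
            # syslog omits the year, so the caller supplies it (assumed 2001)
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            hits[m.group(2)].append(ts)
    return {src: sorted(ts) for src, ts in hits.items()}

def flag_bursts(hits, threshold=3, window=timedelta(minutes=1)):
    """Sources with at least `threshold` rejections inside one window."""
    flagged = []
    for src, times in hits.items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.append(src)
                break
    return sorted(flagged)
```

A single flagged source that keeps retrying on a fixed interval fits the misconfigured management software described in the post; many distinct sources would point elsewhere.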
