North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: it's here
On Tue, Feb 12, 2002 at 07:32:07PM +0000, Eric Brandwine wrote: > > >>>>> "sd" == Sean Donelan <[email protected]> writes: > > sd> On Tue, 12 Feb 2002, Alex Rubenstein wrote: > >> http://www.cert.org/advisories/CA-2002-03.html > > sd> ASN.1 is pretty cool, but I've been wondering are there that > sd> many ISPs which allow external SNMP access to their equipment? > sd> SNMP is a UDP management protocol, and even under the best of > sd> conditions, accepting packets from out of the blue isn't a good > sd> idea. > > Spoofed packets? > > It's not feasible to filter antispoof at OC-12 or OC-48 line rate on > all customer facing interfaces. But it should be not only feasible, but standard practice. -ron
|