First off , I'm posting this question here because it appears the SNMP mailing list is now defunct. If this is the wrong list to post this please let me know and I'll repost it in the correct one.
First I'm running squid with snmp enabled on Centos 4.7. the version of squid is the most recent offered for 4.7: squid-2.5.STABLE14-4.el4. this is my entire snmp configuration (with names and variables changed to protect the innocent ;-))
acl chapmansnmp snmp_community publ!c
snmp_port 3401
snmp_access deny chapmansnmp !chapman1
We are using Rapid7's NeXpose software for vulnerability testing. What was discovered is that an snmpwalk done with anything used as the snmp community string and squid responds back. I've also seen the same results from a Nessus scan (I believe Rapid7 software is based on Nessus but thought I'd try it anyway. I've also seen similar results posted on the Internet). I've tried modifying my community string to see if the special characters are causing the issue but that didn't fix it. Here is an example of an snmpwalk done on one of our proxy servers:
(Note that the community string given is public. That was not a valid community string on the box. I tried all kinds of things and everything worked.
C:\Documents and Settings\mferguson>snmpwalk -c public -v 2c 10.160.57.34:3401 .1.3
SNMPv2-SMI::enterprises.3495.1.1.1.0 = INTEGER: 100
SNMPv2-SMI::enterprises.3495.1.1.2.0 = INTEGER: 4856
SNMPv2-SMI::enterprises.3495.1.1.3.0 = Timeticks: (1750887) 4:51:48.87
SNMPv2-SMI::enterprises.3495.1.2.1.0 = STRING: "root"
SNMPv2-SMI::enterprises.3495.1.2.2.0 = STRING: "squid"
SNMPv2-SMI::enterprises.3495.1.2.3.0 = STRING: "2.5.STABLE14"
SNMPv2-SMI::enterprises.3495.1.2.4.0 = STRING: "ALL,1"
SNMPv2-SMI::enterprises.3495.1.2.5.1.0 = INTEGER: 8
SNMPv2-SMI::enterprises.3495.1.2.5.2.0 = INTEGER: 100
SNMPv2-SMI::enterprises.3495.1.2.5.3.0 = INTEGER: 95
SNMPv2-SMI::enterprises.3495.1.2.5.4.0 = INTEGER: 90
SNMPv2-SMI::enterprises.3495.1.3.1.1.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.1.2.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.1.3.0 = INTEGER: 136
SNMPv2-SMI::enterprises.3495.1.3.1.4.0 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.1.5.0 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.1.6.0 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.1.7.0 = Gauge32: 43
SNMPv2-SMI::enterprises.3495.1.3.1.8.0 = Timeticks: (0) 0:00:00.00
SNMPv2-SMI::enterprises.3495.1.3.1.9.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.1.10.0 = Gauge32: 1015
SNMPv2-SMI::enterprises.3495.1.3.1.11.0 = Gauge32: 100
SNMPv2-SMI::enterprises.3495.1.3.2.1.1.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.2.1.2.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.2.1.3.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.2.1.4.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.2.1.5.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.2.1.6.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.2.1.7.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.2.1.8.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.2.1.9.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.2.1.10.0 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.1.11.0 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.1.12.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.2.1.13.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.3.2.1.14.0 = Gauge32: 4856
SNMPv2-SMI::enterprises.3495.1.3.2.1.15.0 = Gauge32: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.1.1 = INTEGER: 1
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.1.5 = INTEGER: 5
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.1.60 = INTEGER: 60
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.2.1 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.2.5 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.2.60 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.3.1 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.3.5 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.3.60 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.4.1 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.4.5 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.4.60 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.5.1 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.5.5 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.5.60 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.6.1 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.6.5 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.6.60 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.7.1 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.7.5 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.7.60 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.8.1 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.8.5 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.8.60 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.9.1 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.9.5 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.9.60 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.10.1 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.10.5 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.3.2.2.1.10.60 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.4.1.1.0 = Gauge32: 21
SNMPv2-SMI::enterprises.3495.1.4.1.2.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.4.1.3.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.4.1.4.0 = Gauge32: 0
SNMPv2-SMI::enterprises.3495.1.4.1.5.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.4.1.6.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.4.1.7.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.4.1.8.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.4.2.1.0 = Gauge32: 8
SNMPv2-SMI::enterprises.3495.1.4.2.2.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.4.2.3.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.4.2.4.0 = Gauge32: 0
SNMPv2-SMI::enterprises.3495.1.4.2.5.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.4.2.6.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.4.2.7.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.4.3.1.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.4.3.2.0 = Counter32: 0
SNMPv2-SMI::enterprises.3495.1.4.3.3.0 = Counter32: 0
End of MIB
Any idea of a work around or a fix? Is this something that has been fixed in a later version or is it scheduled to be fixed?
Thanks for your time.
____________________________
Matt Ausmus
Network Administrator
Chapman University
635 West Palm Street
Orange, CA 92868
(714)628-2738
mausmus_at_chapman.edu
"Man will occasionally stumble over the truth, but most of the time he will pick himself up and continue on."
- Churchill's Commentary on Man
Received on Mon Dec 08 2008 - 18:35:45 MST
This archive was generated by hypermail 2.2.0 : Tue Dec 09 2008 - 12:00:01 MST