Re: [squid-users] SNMP vulnerabilities?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 14 Feb 2002 05:26:04 +0100

On Wednesday 13 February 2002 18.00, Brian E. Seppanen wrote:

> I would assume that a proper acl in the config would minimize the
> possible exposures to any vulnerability. Preventing someone from
> spoofing the packets is another issue entirely.

Strongly recommended. There is plenty of sensitive information
available via the SNMP interface. Sort of like giving anyone access
to everything of cachemgr.

I'd also recommend that you firewall the SNMP port. Not only for Squid
but also any other SNMP enabled equipment you have such as printers,
routers, servers, desktops, etc.

If you are only using SMTP for MRTG or similar tools, and these run
on the same server as Squid then a good measure is to make sure
Squid only listens for SNMP queries on localhost. See the
snmp_incoming_address directive.

If you are not using SNMP, then don't enable it when building Squid,
or at a minimum disable the SNMP port by setting "snmp_port 0" in
squid.conf.

Regards
Henrik Nordström
Squid Developer

-- 
MARA Systems AB, Giving you basic free Squid support
Customized solutions, packaged solutions and priority support
available on request
Received on Wed Feb 13 2002 - 22:08:33 MST
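
Added example, not part of the original message and not Squid project code: a small Python check that audits a squid.conf against the three recommendations in the message (disable the port, listen on localhost only, restrict access with an ACL). The sample configs are constructed, and the ACL names snmppublic, localhost and all, as well as port 3401, are assumptions.

```python
import ipaddress

# Constructed sample configs; ACL names and port are assumptions, not from the message.
WEAK = """
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all
"""
HARDENED = """
snmp_port 3401
snmp_incoming_address 127.0.0.1
acl snmppublic snmp_community public
acl localhost src 127.0.0.1/255.255.255.255
snmp_access allow snmppublic localhost
snmp_access deny all
"""

def parse_directives(conf_text):
    """Return {directive: [argument lists]}, ignoring comments and blanks."""
    found = {}
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts:
            found.setdefault(parts[0], []).append(parts[1:])
    return found

def last_value(directives, name):
    """First argument of the last occurrence of a directive, or None."""
    values = [args[0] for args in directives.get(name, []) if args]
    return values[-1] if values else None

def audit_snmp(conf_text):
    """Check the message's three points: port, listen address, ACL."""
    d = parse_directives(conf_text)
    if last_value(d, "snmp_port") == "0":
        return ["ok: SNMP port disabled (snmp_port 0)"]
    findings = []
    addr = last_value(d, "snmp_incoming_address")
    try:
        loopback = addr is not None and ipaddress.ip_address(addr).is_loopback
    except ValueError:
        loopback = False
    if not loopback:
        findings.append("warn: snmp_incoming_address is not a loopback address")
    rules = d.get("snmp_access", [])
    if any(r[:1] == ["allow"] and "all" in r[1:] for r in rules):
        findings.append("warn: snmp_access allows the 'all' ACL")
    if not rules or rules[-1] != ["deny", "all"]:
        findings.append("warn: snmp_access does not end with 'deny all'")
    return findings or ["ok: SNMP bound to loopback and restricted by ACL"]
```

Call audit_snmp() with the text of the squid.conf under review; it returns a list of findings as strings.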
