[ LUGOS ] snmp oddities

Stojan Rancic stojan na bofh.cx
Sre Jan 17 09:26:46 CET 2001


Hojla

Ena zadeva me muci: na strezniku imam cmu-snmpd daemon.. zadeva lepo
dela, snmp pobira statistike iz njega,... Skratka, zadeva ima
nastavljen svoj access list takole :

-------------
com2sec local     localhost       community
com2sec mynetwork x.x.x.x.      community

group MyRWGroup v1        local
group MyROGroup v1        mynetwork

access MyROGroup ""      any       noauth    exact      all    none   none
access MyRWGroup ""      any       noauth   exact      all    all    none 
-------------
  
.. kjer je x.x.x.x masina, ki ima dovoljen dostop.


Naknadno sem nastavil tole :

/sbin/ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  x.x.x.x         moja.kista.nekje           any ->   snmp
REJECT     udp  ----l-  anywhere             moja.kista.nekje           any ->   snmp
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

No, kaj me muci.. v loge dobivam redno tole :

Jan 17 08:29:06 kista ucd-snmp[17949]: Connection from y.y.y.y

Kjer je y.y.y.y ena ISP-jeva masina

tcpdump je pokazal tole :

08:29:06.255195 y.y.y.y.2093 > 255.255.255.255.snmp: GetNextRequest(11)[|snmp]

Skratka.. ce dam na primer snmpwalk iz ene random masine na mojo
masino, se to lepo rejecta z ipchains, logira v syslog and all:

Jan 17 09:17:58 kista kernel: Packet log: input REJECT eth0 PROTO=17 z.z.z.z:2894 x.x.x.x:161 L=74 S=0x00 I=61111 F=0x0000 T=60 (#2)
Jan 17 09:17:59 kista kernel: Packet log: input REJECT eth0 PROTO=17 z.z.z.z:2894 x.x.x.x:161 L=74 S=0x00 I=61112 F=0x0000 T=60 (#2)


Vprasanje torej : zakaj mi noce blokirat requestov iz ISP-jeve masine ? Kako te broadcast
zadeve blokirat ?







                              GreetZ, Stojan
---------------
Dawn: The time when men of reason go to bed.






Dodatne informacije o seznamu Starilist