can anyone identify the snmp version on the iSeries?
We have read in prev posts that IBM says "generically" it is unaffected
but I have people asking for more detail. Some news stories have
said get to level 2, others level 3 of the snmp protocol.

btw - some have complained (both to CERT.org & IBM) that the iSeries
is never mentioned or referenced. To IBM I would say "you keep telling
us we've got a great server & can play in the "real" world with a standards
based system", yet you leave us in the dark in the security area. I see the
protocols I use every day (http, telnet, ftp, pop, snmp, etc) listed in CERTS
and all I can do is pray you've got it covered. (took years to get the old
security flawed DNS updated!) CERT answered me back and said it's up to
the vendor to participate. How about it ???
Went to the iSeries support site - searched "snmp AND security" - nothing
relevant. The rest of the world is paying attention to this!
jim franz
----- Original Message -----
From: "RayPeterson" <RayPeterson@gmx.co.uk>
To: <midrange-l@midrange.com>
Sent: Wednesday, February 13, 2002 5:41 PM
Subject: RE: SNMP Security flaw


>
>
> -----Original Message-----
> Steve McKay asked - "How big a deal is this ?"
>
> Here is the alert I received from The SANS Institute.  It provides many
> details.
>
>
>
> From: Alan Paller, Director of Research, The SANS Institute
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> SANS FLASH ALERT: Widespread SNMP Vulnerability
> 2:30 PM EST 12 February, 2002
>
>
> Note: This is preliminary data! If you have additional information,
> please send it to us at snmp@sans.org
>
> In a few minutes wire services and other news sources will begin
> breaking a story about widespread vulnerabilities in SNMP (Simple
> Network Management Protocol).  Exploits of the vulnerability cause
> systems to fail or to be taken over.  The vulnerability can be found in
> more than a hundred manufacturers' systems and is very widespread -
> millions of routers and other systems are involved.
>
> Your leadership is needed in making sure that all systems for which you
> have any responsibility are protected. To do that, first ensure that
> SNMP is turned off. If you absolutely must run SNMP, get the patch from
> your hardware or software vendor. They are all working on patches right
> now. It also makes sense for you to filter traffic destined for SNMP
> ports (assuming the system doing the filtering is patched).
>
> To block SNMP access, block traffic to ports 161 and 162 for tcp and
> udp.  In addition, if you are using Cisco, block udp for port 1993.
>
> The problems were caused by programming errors that have been in the
> SNMP implementations for a long time, but only recently discovered.
>
> CERT/CC is taking the lead on the process of getting the vendors to get
> their patches out.  Additional information is posted at
> http://www.cert.org/advisories/CA-2002-03.html
>
> Two final notes.
>
> Note 1:  Turning off SNMP was one of the strong recommendations in the
> Top 20 Internet Security Vulnerabilities that the FBI's NIPC and SANS
> and the Federal CIO Council issued on October 1, 2001.  If you didn't
> take that action then, now might be a good time to correct the rest of
> the top 20 as well as the SNMP problem.  The Top 20 document is posted
> at http://www.sans.org/top20.htm
>
> Note 2:  If you have Cisco routers (that's true for 85% of our readers)
> you are going to have to patch them to fix this problem. This is a great
> time to make the other fixes that will protect your Cisco routers from
> an increasingly common set of increasingly bad attacks.
>
> A great new free tool will be announced on Thursday that checks Cisco
> routers, finds most problems, and provides specific guidance on fixing
> each problem it finds.  We've scheduled a web broadcast for Thursday
> afternoon at 1 PM EST (18:00 UTC) to tell you about it and how to get
> it.
>
> Mark your calendar now and we'll supply complete data in tomorrow's
> Newsbites and on the SANS web site tomorrow, as well.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (BSD/OS)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE8aX8y+LUG5KFpTkYRAnzlAJ920GGAqfFGAcNhrMQs+7N7wjBrEgCgkZM7
> 63OGBNgmoFsv/aajLby5+7g=
> =isBR
> -----END PGP SIGNATURE-----
>
>
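
An added example, not part of the original thread or the SANS alert: a small audit of a filtering host's rules against the port list the alert gives (161 and 162 for tcp and udp, plus udp 1993 on Cisco). It assumes the filter is a Linux host whose rules are available in `iptables-save` syntax with a default ACCEPT policy; the sample ruleset and all function names are constructed for illustration.

```python
import re

# Port/protocol pairs the alert says to block.
REQUIRED = {("tcp", 161), ("udp", 161), ("tcp", 162), ("udp", 162), ("udp", 1993)}

# Constructed sample in iptables-save syntax (an assumption, not from the thread).
SAMPLE_RULES = """\
-A INPUT -p udp -m udp --dport 161:162 -j DROP
-A INPUT -p tcp -m tcp --dport 161 -j DROP
-A INPUT -p udp -m multiport --dports 1993,514 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

def ports_in(spec):
    """Expand '161', '161:162' or '161,162,1993' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def blocked_pairs(ruleset, chain="INPUT"):
    """Return the REQUIRED pairs that a DROP/REJECT rule in `chain` covers.

    iptables is first-match-wins, so a pair accepted by an earlier rule is
    not counted as blocked by a later DROP. Other match conditions (-s, -i,
    negation) and the chain's default policy are not modelled here.
    """
    decided = {}
    for line in ruleset.splitlines():
        m = re.match(r"-A (\S+) .*?-p (tcp|udp)\b.*?--dports? (\S+).*?-j (\S+)", line)
        if not m or m.group(1) != chain:
            continue
        _, proto, spec, target = m.groups()
        for port in ports_in(spec):
            decided.setdefault((proto, port), target)
    return {p for p in REQUIRED if decided.get(p) in ("DROP", "REJECT")}

def unfiltered(ruleset, chain="INPUT"):
    """REQUIRED pairs still reachable, sorted for stable reporting."""
    return sorted(REQUIRED - blocked_pairs(ruleset, chain))

if __name__ == "__main__":
    for proto, port in unfiltered(SAMPLE_RULES):
        print(f"not blocked: {proto}/{port}")
```

On the sample ruleset this reports tcp/162 (never filtered) and udp/1993 (explicitly accepted) as gaps; pass `chain="FORWARD"` when the host filters traffic for other systems rather than for itself.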




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
