Re: RPAT - Realtime Proxy Abuse Triangulation

From: Greg Barnes <greg(at)ins.com>
Date: Mon Dec 30 2002 - 14:25:07 EST

Hi Rob,

All true as told IMHO - but I have 2 slight issues with one of the statements you made here, the last one.

With all due respect, SNMP is not something we inherited 'from the time when the entire Internet was a trustable network'. SNMPv1 had weak control mechanisms *built into it* because its power 'to do evil' was foreseen by the IETF working group....

The other issue is that the Internet was never the type of network you described IMNSHO....it has always been 'untrustworthy'.

Not picking on you, just feeling cagey today I guess. :-)

Friday, December 27, 2002, 7:00:16 PM, you wrote:

RS> SNMP is used to manage networks.  As it has weak authentication (except
RS> in some implementations, which are not entirely interoperatble with
RS> other such implementations), it is insecure, profoundly so, over
RS> untrusted lines.  It is definitely NOT used to manage the internet, just
RS> certain parts of it, and even then SNMP is not allowed in or out of the
RS> border of those networks, when properly done.  Queries are illegal in
RS> some jurisdictions, as they are both more informational and less casual
RS> than, say, a ping sweep.  Simply put, SNMP is something that we have
RS> inherited from the time when the entire internet was a trustable
RS> network.

>> -----Original Message-----

RS> ----------------------------------------------------------------------------
RS> This list is provided by the SecurityFocus ARIS analyzer service.

RS> For more information on this free incident handling, management RS> and tracking system please see: http://aris.securityfocus.com

-

Regards,

Greg

PGP Fingerprint:
723E 7CAD 4EF5 D904 1EE8 5279 71A5 A594 E6A7 C48E

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Mon Dec 30 15:26:59 2002