SNMPWALK test isn't working with the community string


chaz11581

May 21, 2008, 11:22:58 AM
to Linux Users Group
Hello Community,

I have configured SNMP on a RHEL AS 2.1AS OS. I am testing my SNMP
setup with the 'snmpwalk' command against the 'public' and
'*LookDon'tTouchPlease!' community strings.

I am successfully able to test with the 'public' community string:

[root@RACA2 snmp]# snmpwalk -v 1 -c public localhost system
system.sysDescr.0 = Linux RACA2 2.4.9-e.27enterprise #1 SMP Tue Aug 5
15:39:21 EDT 2003 i686
system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.linux
system.sysUpTime.0 = Timeticks: (7289) 0:01:12.89
system.sysContact.0 = root@localhost
system.sysName.0 = RACA2
system.sysLocation.0 = Unknown
system.sysORLastChange.0 = Timeticks: (0) 0:00:00.00
system.sysORTable.sysOREntry.sysORID.1 = OID: ifMIB
system.sysORTable.sysOREntry.sysORID.2 =
OID: .iso.org.dod.internet.snmpV2.snmpModules.snmpMIB
system.sysORTable.sysOREntry.sysORID.3 = OID: tcpMIB
system.sysORTable.sysOREntry.sysORID.4 = OID: ip
system.sysORTable.sysOREntry.sysORID.5 = OID: udpMIB
system.sysORTable.sysOREntry.sysORID.6 =
OID: .iso.org.dod.internet.snmpV2.snmpModules.snmpVacmMIB.vacmMIBConformance.vacmMIBGroups.vacmBasicGroup
system.sysORTable.sysOREntry.sysORID.7 =
OID: .iso.org.dod.internet.snmpV2.snmpModules.snmpFrameworkMIB.snmpFrameworkMIBConformance.snmpFrameworkMIBCompliances.snmpFrameworkMIBCompliance
system.sysORTable.sysOREntry.sysORID.8 =
OID: .iso.org.dod.internet.snmpV2.snmpModules.snmpMPDMIB.snmpMPDMIBConformance.snmpMPDMIBCompliances.snmpMPDCompliance
system.sysORTable.sysOREntry.sysORID.9 =
OID: .iso.org.dod.internet.snmpV2.snmpModules.snmpUsmMIB.usmMIBConformance.usmMIBCompliances.usmMIBCompliance
system.sysORTable.sysOREntry.sysORDescr.1 = The MIB module to describe
generic objects for network interface sub-layers
system.sysORTable.sysOREntry.sysORDescr.2 = The MIB module for SNMPv2
entities
system.sysORTable.sysOREntry.sysORDescr.3 = The MIB module for
managing TCP implementations
system.sysORTable.sysOREntry.sysORDescr.4 = The MIB module for
managing IP and ICMP implementations
system.sysORTable.sysOREntry.sysORDescr.5 = The MIB module for
managing UDP implementations
system.sysORTable.sysOREntry.sysORDescr.6 = View-based Access Control
Model for SNMP.
system.sysORTable.sysOREntry.sysORDescr.7 = The SNMP Management
Architecture MIB.
system.sysORTable.sysOREntry.sysORDescr.8 = The MIB for Message
Processing and Dispatching.
system.sysORTable.sysOREntry.sysORDescr.9 = The management information
definitions for the SNMP User-based Security Model.
system.sysORTable.sysOREntry.sysORUpTime.1 = Timeticks: (0) 0:00:00.00
system.sysORTable.sysOREntry.sysORUpTime.2 = Timeticks: (0) 0:00:00.00
system.sysORTable.sysOREntry.sysORUpTime.3 = Timeticks: (0) 0:00:00.00
system.sysORTable.sysOREntry.sysORUpTime.4 = Timeticks: (0) 0:00:00.00
system.sysORTable.sysOREntry.sysORUpTime.5 = Timeticks: (0) 0:00:00.00
system.sysORTable.sysOREntry.sysORUpTime.6 = Timeticks: (0) 0:00:00.00
system.sysORTable.sysOREntry.sysORUpTime.7 = Timeticks: (0) 0:00:00.00
system.sysORTable.sysOREntry.sysORUpTime.8 = Timeticks: (0) 0:00:00.00
system.sysORTable.sysOREntry.sysORUpTime.9 = Timeticks: (0) 0:00:00.00
However, when I run the same command with the '*LookDon'tTouchPlease!'
community string I get the following input character:

[root@RACA2 snmp]# snmpwalk -v 1 -c *LookDon'tTouchPlease! localhost
interface
>
>
>
>
>
>

I tried quotes, single quotes and parentheses around the community
string since it contains a wildcard in the name, but to no success. Can
anyone help me successfully test this out with the
'*LookDon'tTouchPlease!' community string?


Thanks,

Chaz

chaz11581

May 21, 2008, 11:55:32 AM
to Linux Users Group
It looks like after re-testing with double quotes around the community
string in both the /etc/snmp/snmpd.conf file and with the snmpwalk
command, it is now working:

root@RACA2 snmp]# snmpwalk -v 1 -c "*LookDon'tTouchPlease!" localhost
system
system.sysDescr.0 = Linux RACA2 2.4.9-e.27enterprise #1 SMP Tue Aug 5
15:39:21 EDT 2003 i686
system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.linux
system.sysUpTime.0 = Timeticks: (5449) 0:00:54.49

Suren Karapetyan

May 21, 2008, 1:01:17 PM
to linuxus...@googlegroups.com

OK... I just couldn't resist...
Why the hell did You need a ' in the community string? :)

chaz11581

May 21, 2008, 1:20:37 PM
to Linux Users Group
No...no, the community string needed double quotes, not single quotes! I
was thinking initially about single quotes due to the wildcard being
in the community string name.


Suren Karapetyan

May 21, 2008, 1:49:49 PM
to linuxus...@googlegroups.com

You got me wrong (my fault.. should be more specific :) ).
I mean why the hell did You need the community string to be
*LookDon'tTouchPlease! and not LookDontTouchPlease or
Anything_You_Could_Ever_Want.
Having names (well.. *strings* in general) with a ' or a * or a ! in
them is a pain in the ass and nothing else.
I would advise against using any special chars (except _ ) in names.
That holds true for almost everything:
file/directory names: c:\Program Files\... sux
Microsoft has to implement some black magic to make its command
prompt remotely useful because of these names.
If they didn't do it You would have to do
cd "C:\\Program\ Files\\Some\ name\(some dumb comment\)"
and similar strange things.
email addresses
charles...@gmail.com...
Because of this Google had to make its system do very strange things.
In fact Your real address is charle...@gmail.com .
GMail servers clear the dots from all the incoming addresses.
As a result of this mail sent to c.h.a.r.l.e....@gmail.com
is also delivered to You.
Anything else which should be easily accessible shouldn't contain
special chars:
CmdrTaco: Have you seen my new site?
Friend (on the phone): What's the address?
CmdrTaco: h t t p colon slash slash slash dot dot net.
Friend (on the phone): WTF?

PS: This confusion was the main reason for the name of slashdot.net

chaz11581

May 21, 2008, 2:19:58 PM
to Linux Users Group
I 100% agree with you; it's the community string that they had already
set up here and I just configured the server in question with the
community string that they had already created
(*LookDon'tTouchPlease!). If I did use the community string without
the characters, SNMP wouldn't work.


Bryan Smith

May 21, 2008, 3:16:26 PM
to linuxus...@googlegroups.com
I just made a community with the same name and tried it. Net-snmp
expects a string of OCTET type so it can handle a lot of characters, but
bash has to leave the string alone and pass it literally.

snmpwalk -v1 -c *LookDont_TouchPlease!

works

The string that you put in the snmpd.conf is exactly what you have to
pass to snmpwalk/get/set. Bash has to be able to handle the strings too,
so you will have to prepend the \ for the special characters so bash can
parse it.


These work in the snmpd.conf and with snmpwalk

snmpwalk -v1 -c LookDon]tTouchPlease 192.168.1.1
rocommunity LookDon]tTouchPlease 192.168.1.0/24

This one is my favorite, LOL
rocommunity *LookD@ntTouchPlease! 192.168.1.0/24
snmpwalk -v1 -c *LookD@ntTouchPlease! 192.168.1.1


rocommunity LookDon@tTouchPlease 192.168.1.0/24
snmpwalk -v1 -c LookD@ntTouchPlease 192.168.1.1

rocommunity "*LookDon\`tTouchPlease|" 192.168.1.0/24
snmpwalk -v1 -c "*LookDon\`tTouchPlease|" 192.168.1.1

rocommunity "*LookDon_tTouchPlease|" 192.168.1.0/24
snmpwalk -v1 -c "*LookDon_tTouchPlease|" 192.168.1.1


You will be monkeying around all day with this, just stay away from the
< > ` ' and ! maybe...a lot of the other characters work without any limbo.

Why not use SNMP v3 ?

--
A healthy diet includes Linux, Linux and more Linux.

Bryan Smith

May 21, 2008, 3:27:04 PM
to linuxus...@googlegroups.com
It's actually more "secure" if you use special characters in SNMP
strings...it's a widely held practice to make it as long and as stupid
looking as you can. It's a two-fold thing...special characters provide a
level of security and a disability. Most vulnerabilities and exploits
are caused by attackers knowing that certain programs mishandle special
characters. net-snmp is not the case of course; I'd cautiously use them,
but in SNMP it's a good thing if you're using old v1 and v2.


chaz11581

May 21, 2008, 3:27:15 PM
to Linux Users Group
Tell me about it Bryan, I was playing with it the whole afternoon. I
ended up putting double quotes around the community string in the
/etc/snmp/snmpd.conf file and with the snmpwalk command and it now works. I
asked the techs here why they are using a community string with
wildcards in it and they had no real answer for it. Anyway, it's
working now. Thanks for all the help from everyone in this forum!

Chaz

Bryan Smith

May 21, 2008, 3:27:44 PM
to linuxus...@googlegroups.com
I guess I was a little late and you figured it out, but this doesn't
work for me:

"*LookDon'tTouchPlease!"

never did actually


Suren Karapetyan

May 21, 2008, 4:39:20 PM
to linuxus...@googlegroups.com

Oh... That makes sense now :)

Suren Karapetyan

May 21, 2008, 4:47:05 PM
to linuxus...@googlegroups.com

I see the double-quotes...
Well in fact we use "public" as read-only community string (SNMPd is
listening on an address in a separate VLAN :) ).
It doesn't make much sense to "protect" snmpd with a "hard" read-only
community string. If someone knows what SNMP is, and is dangerous enough
for You not to want him to have read-only access, then he'll also find
out a way to spoof MACs and make one of Your monitoring computers send
the string to it.
And more.. if a guy is able to crack Your 10+ symbols long string with
brute force the few added characters won't be much of a problem for him :)

Bryan Smith

May 21, 2008, 5:35:23 PM
to linuxus...@googlegroups.com
It doesn't really matter if SNMP is running on a VLAN; you should NEVER
use public and private as the SNMP communities. ANYONE who can sit down
at a box that has access to that VLAN can gain access to whatever
information is readable in the tree. You don't need to be a hacker to
know public and private are universal norms. That's like not changing
the password on a Linksys wireless router. It's also like saying you
don't have a root password on your system because it's in a VLAN. You
assume an attacker will know how to spoof MACs, so you just give up and
let them have access to anything they want?

| It doesn't make much sense to "protect" snmpd with a "hard" read-only
| community string. If someone knows what SNMP is, and is dangerous enough
| for You not to want him to have read-only access

It makes a lot of sense; tell me if I'm wrong, but a password is a
"hard" read-only string too, right, LOL?


If you follow any of the DISA STIG guidelines...which all security-conscious
admins should...you'd change that string...thinking it is
secure and actually running a threat assessment against your security
are two different things.

Bryan


Bryan Smith

May 21, 2008, 5:43:25 PM
to linuxus...@googlegroups.com
http://www.sans.org/resources/idfaq/snmp.php



Suren Karapetyan

May 21, 2008, 5:52:14 PM
to linuxus...@googlegroups.com
Bryan Smith wrote:
> It doesn't really matter if SNMP is running on a VLAN you should NEVER
> use public and private as the SNMP communities. ANYONE who can sit down
> ~ at a box that has access to that VLAN can gain access to what ever
> information it readable in the tree. You don't need to be a hacker to
> know public and private are universal norms. That's like not changing
> the password on a Linksys wirless router. It's also like saying you
> don't have a root password on your system because its in a VLAN. You
> assume an attacker will know how to spoof MAC's, so you just give up and
> let them have access to anything they want?
>

Yep...If a guy manages to sit down at a box next to the server room (the
one with glass walls) while none of the staff is there, then YES... he
CAN get access to anything. And he won't have to use some soft to kill
the screensaver on my workstation which usually has at least one root
shell on one of the servers. He won't even have to get the DSA keys from
my home folder (restart->livecd->restart->say you touched the power-cord
by accident). He'll just have to open the door and enter the server
room... here... he has "access".

And about the Linksys AP.. I'm not sure it gives away its WEP (funny
yeah? :) ) keys with SNMP read-only. But I'm quite sure You won't be
able to add a MAC address to the whitelist with SNMP-read (yes... You'll
need write). And I'm even surer that You can do that with admin/root
password.
So "ability to get interface traffic stats" != "ability to do rm -fr /".

You're comparing apples and windowses :D

> | It doesn't make much sense to "protect" snmpd with a "hard" read-only
> | community string. If someone knows what SNMP is, and is dangerous enough
> | for You not to want him to have read-only access
>
> It makes a lot of sense; tell me if I'm wrong, but a password is a
> "hard" read-only strings too right, LOL?

nope... it's read-write :)
My read community is "public".
But write access is disabled everywhere I can and where it isn't, the
string is something like
"pridfjhsdkjfhasjkdfhkljasdhfkjfhbvbwerqwertery54vate".

Bryan Smith

May 21, 2008, 6:04:33 PM
to linuxus...@googlegroups.com
|> Yep...If a guy manages to sit down at a box next to the server room (the
|> one with glass walls) while none of the staff is there, then YES... >>he

LOL that is funny true indeed, but you didn't answer my main question


|> CAN get access to anything. And he won't have to use some soft to >>kill
|> the screensaver on my workstation which usually has at least one root
|> shell on one of the servers. He won't even have to get the DSA keys
|>from
|> my home folder (restart->livecd->restart->say you touched the
|>power-cord
|> by accident). He'll just have to open the door and enter the server
|> room... here... he has "access".
|
|> And about the Linksys AP.. I'm not sure it gives away it's WEP (funny
|> yeah? :) ) keys with SNMP read-only.

Noooo...I mean the default username and password combination on Linksys
routers


|>But I'm quite sure You won't be
|> able to add a MAC address to the whitelist with SNMP-read (yes...
|>You'll
|> need write). And I'm even surer that You can do that with admin/root
|> password.
|> So "ability to get interface traffic stats" != "ability to do rm -fr /".
|
|> You're comparing apples and windowses :D

You misunderstood what I was saying Suren, but you said this

|> nope... it's read-write :)

HA...you know what I meant


|> My read community is "public".
|> But write access is disables everywhere I can and where it isn't, the
|> string is something like
|> "pridfjhsdkjfhasjkdfhkljasdhfkjfhbvbwerqwertery54vate".

Well that looks like a "hard" community string to me. Is it not?


Suren Karapetyan

May 21, 2008, 6:13:58 PM
to linuxus...@googlegroups.com
Bryan Smith wrote:
> |> Yep...If a guy manages to sit down at a box next to the server room (the
> |> one with glass walls) while none of the staff is there, then YES... >>he
> LOL that is funny true indeed, but you didn't answer my main question
> |> CAN get access to anything. And he won't have to use some soft to >>kill
> |> the screensaver on my workstation which usually has at least one root
> |> shell on one of the servers. He won't even have to get the DSA keys
> |>from
> |> my home folder (restart->livecd->restart->say you touched the
> |>power-cord
> |> by accident). He'll just have to open the door and enter the server
> |> room... here... he has "access".
> |
> |> And about the Linksys AP.. I'm not sure it gives away it's WEP (funny
> |> yeah? :) ) keys with SNMP read-only.
> Noooo...I mean the default username and password combination on Linksys
> routers
I meant it too :)
Linksys routers also have snmp, don't they?

> |>But I'm quite sure You won't be
> |> able to add a MAC address to the whitelist with SNMP-read (yes...
> |>You'll
> |> need write). And I'm even surer that You can do that with admin/root
> |> password.
> |> So "ability to get interface traffic stats" != "ability to do rm -fr /".
> |
> |> You're comparing apples and windowses :D
> You misunderstood what I was saying Suren, but you said this

No I didn't ;-)

>
> |> nope... it's read-write :)
> HA...you know what I meant

Of course I know :P

> |> My read community is "public".
> |> But write access is disables everywhere I can and where it isn't, the
> |> string is something like
> |> "pridfjhsdkjfhasjkdfhkljasdhfkjfhbvbwerqwertery54vate".
> Well that looks like a "hard" community string to me. Is it not?

It is :)
But it's the string for read-write community not just read-only.

Oh and BTW: it doesn't contain special chars :)

PS: looks like I understood why we talk different languages :)
I have 2 types of devices with snmp in my network:
Linux servers: these even don't have a write-enabled community
D-Link switches: these allow You to set 2 strings: one for read-only, 1
for read-write. Do the Linksys ones have one? If so is there no way to
disallow snmp writes?

PSS: Looks like I need some sleep.


Bye

Ryan Graham

May 21, 2008, 6:25:53 PM
to linuxus...@googlegroups.com
On Wed, May 21, 2008 at 12:16 PM, Bryan Smith <bryans...@gmail.com> wrote:
>
> Why not use SNMP v3 ?
>

I'm inclined to wonder the same thing.

Being "security conscious" with SNMPv1 is about the same as being
security conscious with telnet. At least v3 has some notion of
privacy.

~Ryan
--
http://rmgraham.blogspot.com

Suren Karapetyan

May 22, 2008, 12:52:10 AM
to linuxus...@googlegroups.com

Maybe because of no support in a huge portion of hardware?

David Howard

Jul 11, 2018, 11:54:00 AM
to Linux Users Group
I got my SNMP string working with special characters!!!

You need to use the "\" character in 2 PLACES, both the config file (snmpd.conf) and ALSO on the command line when you test it with snmpwalk.

So, here is my example :

In the snmpd.conf file...

rocommunity he\@\$nmp\!\#
(which converts to the he@$nmp!# string)

And on the command line:

snmpwalk -v 2c localhost -c he\@\$nmp\!\# system

This works, but I need to enter the \ in 2 places, which threw me for a loop. How I figured this out was I used a string with simple characters, something like "simpleSNMP", and it worked. When I changed the string, it would not.

Use the \ and you should be fine if your string has special characters.

Dave
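The quoting behaviour that Bryan's and Dave's posts describe, as an added example that is not from the thread: fake_snmpwalk (an invented stand-in for snmpwalk) echoes back the community string exactly as the shell delivered it for each quoting form the thread arrives at, shows why Chaz's unquoted command produced only continuation prompts, and goes one step beyond the thread with Dave's string containing `$`, where double quotes alone are not enough. The sample strings are the thread's own; the function names are invented here.

```shell
#!/bin/sh
# Added example (not from the thread): what the shell actually hands to
# snmpwalk for each way of writing a community string. fake_snmpwalk is an
# invented stand-in that prints the value following -c exactly as received.
# The strings are the thread's sample values, not real credentials.

fake_snmpwalk() {
    while [ $# -gt 0 ]; do
        if [ "$1" = "-c" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# The three quoting forms the thread arrives at; all deliver the literal
# *LookDon'tTouchPlease! that the rocommunity line in snmpd.conf holds.
passed_double_quoted() { fake_snmpwalk -v 1 -c "*LookDon'tTouchPlease!" localhost system; }
passed_backslashed()   { fake_snmpwalk -v 1 -c \*LookDon\'tTouchPlease\! localhost system; }
passed_single_quoted() { fake_snmpwalk -v 1 -c '*LookDon'\''tTouchPlease!' localhost system; }

# Chaz's original command: the lone ' opens a quote that never closes, so the
# shell reports a syntax error (exit status 2) and snmpwalk never runs. That is
# what the row of '>' continuation prompts in the first post was showing.
unquoted_is_syntax_error() {
    rc=0
    sh -c "fake_snmpwalk -v 1 -c *LookDon'tTouchPlease! localhost system" 2>/dev/null || rc=$?
    [ "$rc" -eq 2 ]
}

# Dave's string he@$nmp!# : backslashes deliver it intact ...
dave_backslashed() { fake_snmpwalk -v 2c localhost -c he\@\$nmp\!\# system; }

# ... but double quotes are NOT enough for it: $nmp is still expanded inside
# double quotes (to nothing, when no such variable exists), so snmpwalk would
# get he@!# and the walk would fail against the agent. (In an interactive
# bash, ! would additionally trigger history expansion; scripts have it off.)
dave_double_quoted_pitfall() { unset nmp; fake_snmpwalk -v 2c localhost -c "he@$nmp!#" system; }

printf 'double-quoted   : %s\n' "$(passed_double_quoted)"
printf 'backslashed     : %s\n' "$(passed_backslashed)"
printf 'single-quoted   : %s\n' "$(passed_single_quoted)"
printf 'dave backslashed: %s\n' "$(dave_backslashed)"
printf 'dave dbl-quoted : %s\n' "$(dave_double_quoted_pitfall)"
if unquoted_is_syntax_error; then
    echo "unquoted form   : shell syntax error, snmpwalk never ran"
fi
```

The same rule covers the snmpd.conf side: whatever fake_snmpwalk prints here is the byte-for-byte string the agent must have on its rocommunity line.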