Re: Squid SNMP Features

From: Matija Grabnar <Matija.Grabnar@dont-contact.us>
Date: Fri, 09 Oct 1998 16:58:38 +0200

> The first is the use of acl's in the SNMP configuration. My current
> preference would be to drop this feature totally and rely upon the use of
> community strings. This would reduce complexity and make the code
> considerably cleaner.
when it comes to deciding on how to do SNMP for servers I tend to look at
how our hardware people use it to handle hardware SNMP devices.

I find they prefer to limit the access to SNMP so that is only available
from specified IPs. Only if those IPs host users who might not be authorized
to access the data do they use community strings.

It's a security kind of thing. What happens if someone floods you cache with
thousands of SNMP requests hoping to find your community string? Would you
even notice the extra traffic? How many people change their community strings
regularly? If that requires reconfiguring all their monitoring scripts, do
you realy think they would want to bother?

IOW, I vote for the acl control of access to SNMP to stay.

-- 
"My name is Not Important. Not to friends. 
    But you can call me mr. Important"  - Not J. Important 
Matija.Grabnar@arnes.si
Received on Fri Oct 09 1998 - 07:58:53 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:24 MST