All,
I was tasked to investigate with turning on checkpoint snmpd (udp port 260)
on
Nokia IP 390 boxes running IPSO 4.1 with checkpoint NGx. I can get both
nokia
snmpd (udp port 161) and checkpoint snmpd (udp port 260) running the on the
Nokia IP390.
The problem I have with checkpoint snmpd daemon is that as soon as I turn on
checkpoint snmpd daemon (udp port 260), I can connect to the firewall via
snmp port 260 from my linux machine:
snmpwalk -v 1 192.168.1.1 -c public .1.3.6.1.4.1.2620
it seems like checkpoint default the community to "public" even though this
community "public" is nowhere in the $FWDIR/conf/snmp.C file. If I want to
use
something else besides "public", I have to create that in the
$FWDIR/conf/snmp.C
file.
This, to me, is a security risk, don't you think? I mean, using "public" as
a default
community string.
Any comments?
cisco4ng
---------------------------------
Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+
countries) for 2¢/min or less.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
