|
Re: Side note on SNMP security alert !
2002-02-28 21:30:53
|
Subject: |
Re: Side note on SNMP security alert ! |
|
From: |
Gabriel Wiley <wileyg AT US.IBM DOT COM> |
|
Date: |
Thu, 28 Feb 2002 21:24:51 -0500 |
The fix is out.
APAR (IY17630) is available for 4.3.2, just not available for anything
4.3.0 and earlier.
If you fall between the boundries.
Gabriel C. Wiley
ADSM/TSM Administrator
AIX Support
Phone 1-614-308-6709
Pager 1-877-489-2867
Fax 1-614-308-6637
Cell 1-740-972-6441
Siempre Hay Esperanza
"Cook, Dwight E
(SAIC)" To: ADSM-L AT VM.MARIST
DOT EDU
<cookde AT BP DOT COM> cc:
Sent by: "ADSM: Subject: Side note on SNMP
security alert !
Dist Stor
Manager"
<[email protected]
.EDU>
02/28/2002 07:27
AM
Please respond to
"ADSM: Dist Stor
Manager"
Slightly off topic but since we are in the recovery position,
anything to help ward off data loss to begin with is close to on topic...
This is all I know for the time being...
Dwight
The Threat
SNMP (Simple Network Management Protocol) is a set of protocols designed
for
monitoring and configuring network devices and it operates on every device
connected to the bp network. We have now been informed of a security bug
that makes the network and all connected devices that use SNMP vulnerable
to
attack. To compound the threat, the techniques for exploiting this
vulnerability were recently published on the internet. Devices which are
attacked need to be reloaded manually during which time the device would be
unavailable with consequential business disruption. An exploited widescale
attack would result in a serious denial of service for our network, the
greatest risk being initially to internet connections and internet facing
devices, so we must act now to protect ourselves. Security patches have
been issued by vendors but it will take some time before these can be
implemented , so we need to act in a way that protects our most vulnerable
devices first.
|
|
|
