pmccubbin Sun, 12/30/2007 - 05:07

Hi Zakhar.



The answer to your question is no.


MARS does not accept inbound SNMP traffic. This is a security feature so that MARS cannot be exploited by an outside device.


In a nutshell, SNMPv3 involves shared passwords between devices. The thinking is that you wouldn't want your router to have the password of the MARS box.


MARS does use SNMP to notify pre-defined users in the event of a high-level security incident.


Hope this helps.


Best,

Paul


cisco24x7 Sun, 12/30/2007 - 07:10

Well, think about it. MARS is nothing but a hardened, customized Linux OS. All Linux OSes will let you configure snmpd with SNMPv3.

SNMPv3 has strong authentication and if you configure your network properly, it should be good enough.

If MARS does not accept inbound SNMP traffic, how does one go about monitoring this device to make sure that everything is working properly? Guess what, even firewalls let you configure SNMP for monitoring, and you don't think it is an important device?

It does not make sense for MARS not to accept inbound SNMP if you ask me.

gojericho0 Mon, 12/31/2007 - 06:20

As far as I can tell MARS does accept incoming SNMP traps, but unfortunately only an SNMP community string can be used. I have been using this for all devices not touching the internet and configuring them with a read only string.

more_jazZz_2 Tue, 01/01/2008 - 01:50

Thank you for your answers, guys. But I want to define my question more precisely. If I tune SNMP v3 on my network devices, is it possible to use SNMP RO and RW community strings from CS-MARS to receive and mitigate my network devices?
