I am copying this message to the snmpv3 list for discussion. Please do
not copy subsequent discussion to the IETF general list.
Dbh
David Harrington
dbh(_at_)enterasys(_dot_)com
co-chair, IETF SNMPv3 WG
-----Original Message-----
From: Wijnen, Bert (Bert) [mailto:bwijnen(_at_)lucent(_dot_)com]
Sent: Wednesday, August 06, 2003 3:36 PM
To: Fleischman, Eric; Uri Blumenthal; Bill Strahm
Cc: ietf(_at_)ietf(_dot_)org; Harrington, David; Russ Mundy (E-mail)
Subject: RE: Securing SNMPv3 via SSH tunnels
Eric, it would be good if you could describe the "spoofing" and
possible other vulnerabilities that you see.
Not sure that the generic IETF mailing list is the proper
mailing list for that. I propose we move the discussion
to the SNMPv3 mailing list. I copied the WG chairs to see
if they would permit us to have that discussion over there.
If so, they can send the ptr to the list.
Thanks,
Bert
-----Original Message-----
From: Fleischman, Eric
[mailto:eric(_dot_)w(_dot_)fleischman(_at_)boeing(_dot_)com]
Sent: woensdag 6 augustus 2003 20:08
To: Uri Blumenthal; Bill Strahm
Cc: ietf(_at_)ietf(_dot_)org
Subject: RE: Securing SNMPv3 via SSH tunnels
Uri,
I don't think that this list would be well served by a debate
on whether SNMPv3's security provisions are adequately secure
or not, though I personally would greatly value having a
private discussion with interested individuals on that topic.
Suffice it to say here that I am familiar with RFC 3414 and
RFC 3415 and I am skeptical that existing SNMPv3 security
provisions provide adequate protections for the application I
am building. I am therefore seeking to supplement SNMPv3's
security provisions via mechanisms which are less subject to
abuse, which is why I made my original posting to this list.
I have no ax to grind in this matter -- I am only seeking
after the welfare of our product. It is, of course, possible
that I have overlooked something important which would
justify your skepticism of my current conclusions. If so, I
would value privately benefiting from the wisdom of your
insights. I similarly would value learning the insights of
any other reader with experience securing SNMPv3 for
mission-critical devices which do not sit behind firewalls.
--Eric
-----Original Message-----
From: Uri Blumenthal [mailto:uri(_at_)lucent(_dot_)com]
Sent: Wednesday, August 06, 2003 10:32 AM
To: Bill Strahm
Cc: Fleischman, Eric; ietf(_at_)ietf(_dot_)org
Subject: Re: Securing SNMPv3 via SSH tunnels
Bill, what is this about? Eric obviously wasn't aware
that the problems he listed applied to the older versions
of SNMP protocol, namely SNMPv1 and SNMPv2c. The current
standard SNMPv3 (which obsoletes those) is designed
specifically to address the listed vulnerabilities.
So this whole notion of securing SNMPv3 with SSH is
ridiculous.
On 8/6/2003 12:34 PM, Bill Strahm wrote:
The problem that you have with TCP (and made worse by SSH
tunneling on top of
it) is that the number of round trips needed to
successfully get a data packet
through is unreasonably high in a situation where you are
attempting to
diagnose a network fault.
The other choice is to leave a LOT of state open (ie. TCP
connections)
requiring a lot of extra memory, etc. on the device. That
said there is no
reason why you can not create a tunnel to a secure
environment and run your
SNMP traffic from there.
Bill
On Wed, Aug 06, 2003 at 08:42:49AM -0700, Fleischman, Eric wrote:
I am seeking to secure SNMPv3 communications (e.g., RFC
3414), trying to protect against its well-known
vulnerabilities such as spoofing. Had SNMPv3 run over TCP,
instead of UDP as it does, then I perhaps may attempt to
protect it via SSH port forwarding (i.e., SSH tunneling).
Coincidentally, I've just read a description in Bob Toxen's
book "Real World Linux Security" (page 141) about an approach
he has apparently used of wrapping UDP in TCP and SSH in
order to accomplish SSH port forwarding for UDP-based
protocols as well. This makes me wonder whether SNMPv3 may be
a viable candidate for SSH tunneling after all. I am
wondering whether anybody in the list has any insights as to
the viability and weaknesses of this suggested approach. I am
especially interested in learning how people on this list
secure SNMPv3. Thank you.
_______________________________________________
This message was passed through
ietf_censored(_at_)carmen(_dot_)ipv6(_dot_)cselt(_dot_)it, which is a sublist
of
ietf(_at_)ietf(_dot_)org(_dot_) Not all messages are passed. Decisions on
what
to pass are made solely by Raffaele D'Albenzio.