
Re: udp source address change

2006-02-14 09:48:11


mharrima101 (sent by Nabble.com) wrote:
Please excuse if this post is not in the correct place - I wasn't sure
where to put a question such as this.

We are using an HP ProCurve switch in our network as a router ( it’s a
layer 3 switch ).  We are communicating with all devices on the far side
of the router (HP switch) with SNMP – including the far side management
interface of the HP switch.  When the switch responds to the SNMP query
it uses the near side IP address as the source address in the UDP header
– rather than the far side IP address that the query was addressed to.
Since this is not the IP that we are intending to talk to, our security
policy does not allow us to accept the message.

Is the behavior of the HP switch legal under UDP? It seems to me as
though this should not be allowed.

UDP is connectionless.

From a UDP point of view, it is legal for the HP switch to send a UDP
packet with any IP address from one of its own network interfaces (as
per RFC1122, since it is acting as a host when it sources or sinks traffic).

This may or may not be the case from SNMP's point of view, however, just
as Sec 7.3 of RFC1035 points out a similar DNS "name server bug" (quoted
from the RFC, as others have raised as related).

I.e., this is probably an SNMP bug, possibly an SNMP protocol violation,
but not a UDP issue. (hint: if you have to look at the UDP payload to
decide if it's valid, it's not a UDP issue).

Joe
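An added example (not code from this thread or from any HP product) of the reply check the original poster's security policy performs, written from the receiver's side: it compares a UDP reply against the request it claims to answer and separates the three cases the thread discusses, a reply from the address actually queried, a reply from another address known to belong to the same device (the near-side interface of the switch), and a reply from an address never addressed at all. All addresses, ports and request-ids are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Datagram:
    src: str
    sport: int
    dst: str
    dport: int
    request_id: int  # SNMP request-id carried in the UDP payload (constructed)

def check_reply(request, reply, aliases=None):
    """Classify `reply` against `request`.

    `aliases` maps a queried address to the other addresses known to belong
    to the same device, e.g. the near-side interface of a layer-3 switch.
    Returns one of: 'ok', 'alias-source', 'source-mismatch',
    'port-mismatch', 'id-mismatch'.
    """
    aliases = aliases or {}
    # Transport-level checks first: these need nothing from the payload.
    if reply.dport != request.sport or reply.sport != request.dport:
        return "port-mismatch"
    if reply.src != request.dst:
        # Same device answering from a different interface, or an unrelated host?
        if reply.src in aliases.get(request.dst, frozenset()):
            return "alias-source"
        return "source-mismatch"
    # This last check looks inside the payload, so it is an SNMP concern, not a UDP one.
    if reply.request_id != request.request_id:
        return "id-mismatch"
    return "ok"

def accept(request, reply, aliases=None, strict=True):
    """Strict policy (the poster's): only 'ok' is accepted. A relaxed policy
    additionally tolerates a known alias of the queried device."""
    verdict = check_reply(request, reply, aliases)
    return verdict == "ok" or (not strict and verdict == "alias-source")

# Constructed scenario: manager 192.0.2.10 queries the far-side management
# address 198.51.100.1; the switch's near-side interface is 192.0.2.1.
SWITCH_ALIASES = {"198.51.100.1": frozenset({"192.0.2.1"})}
REQUEST = Datagram("192.0.2.10", 40001, "198.51.100.1", 161, 7)
REPLY_FAR = Datagram("198.51.100.1", 161, "192.0.2.10", 40001, 7)
REPLY_NEAR = Datagram("192.0.2.1", 161, "192.0.2.10", 40001, 7)
REPLY_OTHER = Datagram("203.0.113.5", 161, "192.0.2.10", 40001, 7)

if __name__ == "__main__":
    for name, r in [("far", REPLY_FAR), ("near", REPLY_NEAR), ("other", REPLY_OTHER)]:
        print(name, check_reply(REQUEST, r, SWITCH_ALIASES), accept(REQUEST, r, SWITCH_ALIASES))
```

Logging the 'alias-source' verdict separately from 'source-mismatch' lets the receiver report the switch behaviour as a device misconfiguration while still dropping the datagram under the strict policy.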
