Home page logo

nanog logo nanog mailing list archives

Re: Writable SNMP
From: Jeff Wheeler <jsw () inconcepts biz>
Date: Tue, 6 Dec 2011 14:18:52 -0500

On Tue, Dec 6, 2011 at 11:07 AM, Keegan Holley
<keegan.holley () sungard com> wrote:
For a few years now I been wondering why more networks do not use writable
SNMP.  Most automation solutions actually script a login to the various

I've spent enough time writing code to deal with SNMP (our own stack,
not using Net-SNMP or friends) to have a more in-depth understanding
of SNMP's pitfalls than most people.  It is TERRIBLE and should be
totally gutted and replaced with something more sane, less likely to
have bugs, etc.  There is a good reason why many major bugs have
popped up over the years allowing devices to be crashed with crafted
SNMP packets -- it's honestly not that easy to get right, especially
if you really implement every possible encoding so some random
customer with a brain-damaged SNMP client stack won't come crying to
you that his client won't work.

Juniper does not support writing via SNMP.  I am glad.  Hopefully that
is the first step toward not supporting SNMP at all.

Jeff S Wheeler <jsw () inconcepts biz>
Sr Network Operator  /  Innovative Network Concepts

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]