Chapter 12 – Network Monitoring Using Linux
- Write access for SNMP allows you to monitor (read) device or host parameters, as well as set (write) those same parameters. So, with read-write access, you could change the interface speed or duplex, reboot or shut down a device, or download a configuration. There is a nmap script that makes such a configuration download simple:
snmp-ios-config.nse. - Syslog is most often sent in clear text over
514/udp. There is an option to encrypt this traffic using IPSEC, but it is not widely implemented. The risks are that sensitive information is sent using syslog, and as it's clear text, anyone in a position to read it can either collect that information for later use or modify it as it is sent.For instance, it's fairly common to have an administrator put their password in the
useridfield, which means that the password is possibly compromised at that point. The next step that person usually takes is to try again, correctly...
