SNMP Agent Responds to Any Community Name (99880)
The information in this article applies to:
- Microsoft Windows NT Server 3.1
- Microsoft Windows NT Workstation 3.1
This article was previously published under Q99880 SUMMARY
Windows NT provides support for Microsoft Simple Network Management
Protocol (SNMP) on a TCP/IP network. The security options for SNMP
include a list of community names. If you remove all the community
names, including the default name, Public, SNMP will respond to any
community names presented.
This is expected behavior, as described in the request for comments
document, RFC 1157:
An SNMP message originated by an SNMP application entity that
in fact belongs to the SNMP community named by the community
component of said message is called an authentic SNMP message.
The set of rules by which an SNMP message is identified as an
authentic SNMP message for a particular SNMP community is called
an authentication scheme. An implementation of a function that
identifies authentic SNMP messages according to one or more
authentication schemes is called an authentication service.
Clearly, effective management of administrative relationships
among SNMP application entities requires authentication services
that (by the use of encryption or other techniques) are able to
identify authentic SNMP messages with a high degree of certainty.
Some SNMP implementations may wish to support only a trivial
authentication service that identifies all SNMP messages as
authentic SNMP messages.
When there are no community names identified, Windows NT follows the
specification noted in the last sentence:
Some SNMP implementations may wish to support only a trivial
authentication service that identifies all SNMP messages as
authentic SNMP messages.
| Modification Type: | Major | Last Reviewed: | 10/30/2003 |
|---|
| Keywords: | kbnetwork KB99880 |
|---|
|