Netcache snmp behaviour

[mdavids () CASEMA NET (Marco Davids)]

Hi,

We noticed an unexpected behaviour on our NetApps C630
Netcache's. The problem even seems to exist in the latest software-
release 3.3.1.

The problem concerns the SNMP default community-name setting,
which is set to 'public'.

When changed into something else, using the webinterface, one
might think that de default community-name is disabled. However,
this is not the case. The new community-names are simply added
to the existing default one. In other words; using the webinterface
to enter extra community-names will _not_ disable the default.

SNMP-Information can thereby still be retreived form the 'toaster'.
This enables easy access to information you might not want to
reveal.

The only thing I could come up with to avoid this problem is to
manually  telnet into the Netcache, and issue the command: 'snmp
delete ro community public' after every reboot.
(this can only be done in the 'extended' command-mode)

One could also edit /etc/rc and include this command, but please
note that after every change through the web-interface this /etc/rc
file is overwritten.

Off course it is probably wise, although not allways an option, to
restrict snmp-access at all, for instance by using router-
accesslists.

Cheers.





Marco Davids                      +31(0)15 8881000 fax +31(0)15 8881099
N.V. Casema -- Internet NOC       mailto:mdavids () casema net
Systemadministrator               http://www.casema.net/~mdavids