Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 2426] SNMPv3 Engine ID registration

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 2 Mar 2010 07:05:00 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2426

--- Comment #7 from LEGO <luis.ontanon@xxxxxxxxx> 2010-03-02 07:04:22 PST ---
well the example you gave has 6 duplicated entries (same username+engineId).

according to the RFC, for a given engineId one and only one entry for any
UserName can be provided.

so for:

11111111,authusermd5des,MD5,authusermd5despw,DES,authusermd5despw
and
11111111,authusermd5des,MD5,authusermd5aespw,AES,authusermd5aespw

where "11111111+authusermd5des" is the key (and by the standard should e
unique), are duplicated entries.

For one machine alone the standard states (when defining the usmUserTable) that
only one entry for a given engineId+userName can be present at any time.

Now it is true that you could have two different machines using the VERY SAME
engineId having each of them entries for the same username with diferent
security atributes.

When implementing SNMP decryption, I did not take into consideration the issue
of two different machines sharing the same engineId. In order to do so the code
should use the address of the agent as a part of the key. Although It could be
done in wireshark, i do not think it is worth, as good network practice would
impose to have each node using a different engineId.

I see no use of having duplicate engineIds in the same network besides negative
testing for some NMS. So although possible, identical engineIds are not teken
in consideration.

In multiplexed SNMP (e.g. passing an SNMP gateway or relay) where the address
of the agent is lost, it would be impossible for the NMS to distinguish between
the two machines that share the same engineId. As the engineId is used to
distinguish between different agents behind the same mux.

I do not really believe that in the same machine Cisco will allow the
possibility of having two different entries for the same username on the same
machine. (the config files you gave have none). The cisco routers I have at
home do not implement SNMPv3 (they both are older than the standard and do not
have enough RAM to run a more recent version of the OS).

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube