[VOIPSEC] SNMP support for EventCorrelation/NetworkManagementSystems

Christopher A. Martin chris at sip1.com
Wed Feb 23 22:05:30 CST 2005 

I suspect if they are going to implement SNMP the message is getting out
there...

I would not even consider the alternatives unless there were SSL/TLS or SSH
support of some kind to protect the confidentiality of the traps and or
signaling as this can be valuable information to an attacker if it can be
gained.

________________________________

Christopher A. Martin
P.O. Box 1264
Cedar Hill, Texas 75106
 
Domains.SIP1.com
http://domains.sip1.com 
Low cost domain name registration & other Internet services.
 
Sign up for your PayPal merchant account today and start selling your
products on line today!
https://www.paypal.com/us/mrb/pal=Q622ZEE3CUWM8
 

> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Mark Teicher
> Sent: Wednesday, February 23, 2005 7:13 AM
> To: Voipsec at voipsa.org
> Subject: RE: [VOIPSEC] SNMP support for
> EventCorrelation/NetworkManagementSystems
> 
> Some vendors support varying degrees of SNMP, some support SNMP V1/SNMP
> V2, very few VOIP vendors support SNMP V3.  Some use a proprietary Command
> Line Output for event messaging.
> 
> It is a bit interesting attempting to convert CLI messages that appear in
> the following:
> 20041115:070421000:18698:lxsys:MED:dtool1: 10.1.2.3 ES
> 20041115:070421000:18699:lxsys:MED:dtool1: 10.1.2.3 ES
> 20041115:070422000:18700:lxsys:MED:dtool1: 10.1.2.3 ES
> 20041116:073456000:19331:lxsys:MED:dtool1: 10.1.2.3 ES
> 20041116:073456000:19332:lxsys:MED:dtool1: 10.1.2.3 ES
> 20041116:073459000:19333:lxsys:MED:dtool1: 10.1.2.3 ES
> 
> In other products, messages are not sent to syslog until the termination
> of a session, so real-time monitoring via common network protocols are
> more than a bit trivial.  Regardless of how the information is translated,
> receiving the information and interpreting the information into something
> useful has become an exercise.  As it appears each vendor has taken
> various approaches in implementing their own form and interpretation of
> default thresholds, that may or may not apply to the particular VOIP
> integration.  The more interesting tidbit in the syslog and SNMP packets
> via some network monitoring that "encryptionOff" during multiple RTP
> sessions have appeared. In some VOIP integrations, this is a typical
> default configuration.
> 
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Christopher A. Martin
> Sent: Tuesday, February 22, 2005 11:59 PM
> To: 'Mark Teicher'; Voipsec at voipsa.org
> Subject: RE: [VOIPSEC] SNMP support for Event
> Correlation/NetworkManagementSystems
> 
> They also need to insure that the level of SNMP is v3, otherwise in the
> very public deployments this could lead to a breach...
> 
> I would only recommend syslog for the very closed networks where providers
> are the only ones that can access traffic between the endpoint and the
> provider...(like ISP's)
> 
> ________________________________
> 
> Christopher A. Martin
> P.O. Box 1264
> Cedar Hill, Texas 75106
> 
> Domains.SIP1.com
> http://domains.sip1.com
> Low cost domain name registration & other Internet services.
> 
> Sign up for your PayPal merchant account today and start selling your
> products on line today!
> https://www.paypal.com/us/mrb/pal=Q622ZEE3CUWM8
> 
> 
> > -----Original Message-----
> > From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org]
> > On Behalf Of Mark Teicher
> > Sent: Tuesday, February 22, 2005 7:11 AM
> > To: Voipsec at voipsa.org
> > Subject: [VOIPSEC] SNMP support for Event Correlation/Network
> > ManagementSystems
> >
> > It appears that some of the vendors provide support SNMP but VOIP
> > vendors have yet to predict that since incorporating VOIP into an
> > existing data network.  The data network may have a Network Management
> > System (NMS) integrated in to provide the system
> > administrators/network administrators visibility to the health of
> > their network.  In introducing VOIP, VOIP products still require some
> > assistance in providing the same type of visibility to NMS systems as
> > found in the data world.  Especially if vendors are thinking about
> > offering some type of managed service on top of integration services.
> > Properly formatted syslog and properly designed SNMP mibs are the
> default for NMS systems.
> >
> > /m
> >
> >
> >
> > _______________________________________________
> > Voipsec mailing list
> > Voipsec at voipsa.org
> > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> 
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> 
> 
> 
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list